Critical severity9.8NVD Advisory· Published Jul 25, 2025· Updated Jun 17, 2026
CVE-2019-25224
CVE-2019-25224
Description
The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <5.2
- databasebackup/WP Database Backup – Unlimited Database & Files Backup by Backup for WPv5Range: 0
Patches
Vulnerability mechanics
References
6- plugins.trac.wordpress.org/changeset/2078035/wp-database-backupnvdPatch
- blog.sucuri.net/2019/06/os-command-injection-in-wp-database-backup.htmlnvdExploitThird Party Advisory
- packetstormsecurity.com/files/153781/nvdExploitThird Party Advisory
- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/wp_db_backup_rce.rbnvdExploit
- www.wordfence.com/blog/2019/05/os-command-injection-vulnerability-patched-in-wp-database-backup-plugin/nvdExploitThird Party Advisory
- www.wordfence.com/threat-intel/vulnerabilities/id/d21cf285-9d75-43a2-9e81-67116f0bf896nvdThird Party Advisory
News mentions
0No linked articles in our index yet.