Unrated severityNVD Advisory· Published Jul 25, 2025· Updated Apr 8, 2026

WP Database Backup < 5.2 - Unauthenticated OS Command Injection

CVE-2019-25224

Description

The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system.

Affected products

databasebackup/WP Database Backup – Unlimited Database & Files Backup by Backup for WPv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.sucuri.net/2019/06/os-command-injection-in-wp-database-backup.htmlmitre
packetstormsecurity.com/files/153781/mitre
plugins.trac.wordpress.org/changeset/2078035/wp-database-backupmitre
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/wp_db_backup_rce.rbmitre
www.wordfence.com/blog/2019/05/os-command-injection-vulnerability-patched-in-wp-database-backup-plugin/mitre
www.wordfence.com/threat-intel/vulnerabilities/id/d21cf285-9d75-43a2-9e81-67116f0bf896mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.065
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000