CVE-2024-12850
Description
The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_download() function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Directory Traversal in WordPress Database Backup plugin allows authenticated admins to read arbitrary files via the database_backup_ajax_download() function.
The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to and including 2.32. The vulnerability exists in the database_backup_ajax_download() function, which fails to properly sanitize user-supplied file paths, allowing an attacker to traverse directories and read arbitrary files on the server [1].
To exploit this vulnerability, an attacker must have authenticated administrator-level access to the WordPress site. The function uses user input directly in file operations without adequate validation or sanitization, enabling path traversal sequences (e.g., ../) to access files outside the intended directory. This allows attackers to read sensitive files such as wp-config.php, which contains database credentials and other configuration details.
The impact of successful exploitation is the disclosure of sensitive information, including database credentials, API keys, and other secrets stored on the server. This could lead to further compromise of the WordPress site and its data.
As of the publication date, a patched version (2.33) should be available. Users are strongly advised to update the plugin immediately. If no update is available, administrators should restrict plugin access and monitor for suspicious file reads.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Range: <= 2.32
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.