VYPR

Database Backup For Wordpress

by Deliciousdays

CVEs (3)

  • CVE-2026-4031HigMay 14, 2026
    risk 0.42cvss 7.5epss 0.00

    The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wp_db_temp_dir parameter, which controls where database backups are written. This…

  • CVE-2026-4029HigMay 14, 2026
    risk 0.42cvss 7.5epss 0.00

    The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for…

  • CVE-2021-24322Jun 1, 2021
    risk 0.00cvss epss 0.01

    The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue.