VYPR

Database Backup

by WordPress

Source repositories

CVEs (7)

  • CVE-2021-24174HigApr 5, 2021
    risk 0.56cvss 8.1epss 0.03

    The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups.

  • CVE-2026-4029HigMay 14, 2026
    risk 0.42cvss 7.5epss 0.00

    The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and including, 2.5.2. This is due to the plugin not properly enforcing the return value of its authorization check. This makes it possible for…

  • CVE-2024-13910HigMar 1, 2025
    risk 0.40cvss 7.2epss 0.01

    The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'database_backup_ajax_delete' function in all versions up to, and including, 2.35. This makes it…

  • CVE-2024-13911HigMar 1, 2025
    risk 0.40cvss 7.2epss 0.01

    The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. This makes it possible for authenticated attackers, with…

  • CVE-2022-1577MedJun 8, 2022
    risk 0.35cvss 5.4epss 0.00

    The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup…

  • CVE-2024-12850MedDec 24, 2024
    risk 0.25cvss 4.9epss 0.01

    The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_download() function. This makes it possible for authenticated attackers, with…

  • CVE-2024-8702May 15, 2025
    risk 0.00cvss epss 0.00

    The Backup Database WordPress plugin through 4.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…