Wp Database Backup
by WordPress
Source repositories
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-12330 | Hig | 0.49 | 7.5 | 0.00 | Jan 9, 2025 | The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly accessible back-up files. This makes it possible for unauthenticated… | ||
| CVE-2022-2271 | 0.00 | — | 0.00 | Sep 5, 2022 | The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | |||
| CVE-2020-7241 | 0.00 | — | 0.02 | Jan 20, 2020 | The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9}… | |||
| CVE-2019-14949 | 0.00 | — | 0.01 | Aug 12, 2019 | The wp-database-backup plugin before 5.1.2 for WordPress has XSS. | |||
| CVE-2016-10873 | 0.00 | — | 0.01 | Aug 12, 2019 | The wp-database-backup plugin before 4.3.3 for WordPress has XSS. | |||
| CVE-2016-10874 | 0.00 | — | 0.01 | Aug 12, 2019 | The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. | |||
| CVE-2016-10875 | 0.00 | — | 0.01 | Aug 12, 2019 | The wp-database-backup plugin before 4.3.1 for WordPress has XSS. | |||
| CVE-2016-10876 | 0.00 | — | 0.01 | Aug 12, 2019 | The wp-database-backup plugin before 4.3.1 for WordPress has CSRF. |
- risk 0.49cvss 7.5epss 0.00
The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly accessible back-up files. This makes it possible for unauthenticated…
- CVE-2022-2271Sep 5, 2022risk 0.00cvss —epss 0.00
The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
- CVE-2020-7241Jan 20, 2020risk 0.00cvss —epss 0.02
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9}…
- CVE-2019-14949Aug 12, 2019risk 0.00cvss —epss 0.01
The wp-database-backup plugin before 5.1.2 for WordPress has XSS.
- CVE-2016-10873Aug 12, 2019risk 0.00cvss —epss 0.01
The wp-database-backup plugin before 4.3.3 for WordPress has XSS.
- CVE-2016-10874Aug 12, 2019risk 0.00cvss —epss 0.01
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.
- CVE-2016-10875Aug 12, 2019risk 0.00cvss —epss 0.01
The wp-database-backup plugin before 4.3.1 for WordPress has XSS.
- CVE-2016-10876Aug 12, 2019risk 0.00cvss —epss 0.01
The wp-database-backup plugin before 4.3.1 for WordPress has CSRF.