The Database Backup for WordPress plugin before 2.5.2...
Moderate severity
Unreviewed
Published
Jun 9, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Jun 8, 2022
Published to the GitHub Advisory Database
Jun 9, 2022
Last updated
Jan 27, 2023
The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule
References