Vulnerabilities > CVE-2021-24174 - Unspecified vulnerability in Database-Backups Project Database-Backups 1.2.2.6
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
References
- http://packetstormsecurity.com/files/163091/WordPress-Database-Backups-1.2.2.6-Cross-Site-Request-Forgery.html
- http://packetstormsecurity.com/files/163091/WordPress-Database-Backups-1.2.2.6-Cross-Site-Request-Forgery.html
- https://wpscan.com/vulnerability/350c3e9a-bcc2-486a-90e6-d1dc13ce1bd5
- https://wpscan.com/vulnerability/350c3e9a-bcc2-486a-90e6-d1dc13ce1bd5