Database Backups <= 22.214.171.124 - CSRF to Backup Download
The plugin does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups.
When generating a backup, the file is created in the /wp-content/uploads/database-backups directory, with a format containing the date the backup was made, without any access restriction, leaving it exposed if an attacker guesses their path or the blog is misconfigured to allow directory listing.
The issue was sent to the WordPress plugin Team on February 10th, 2021.
Proof of Concept
The PoC will be displayed once the issue has been remediated