WordPress Plugin Vulnerabilities

WP Database Backup < 5.2 - Unauthenticated OS Command Injection

Description

The WP Database Backup WordPress plugin was affected by an Unauthenticated OS Command Injection security vulnerability.

Affects Plugins

Plugin icon
wp-database-backup
Fixed in 5.2

References

URL
https://packetstormsecurity.com/files/#153781/
URL
https://www.wordfence.com/blog/2019/05/os-command-injection-vulnerability-patched-in-wp-database-backup-plugin/
URL
https://plugins.trac.wordpress.org/changeset/2078035/wp-database-backup
URL
https://blog.sucuri.net/2019/06/os-command-injection-in-wp-database-backup.html

Miscellaneous

Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
7d2cb22b-84ef-4b9c-8116-5a0e0eb0c521

Timeline

Publicly Published
2019-04-24 (about 6 years ago)
Added
2019-05-29 (about 6 years ago)
Last Updated
2019-11-27 (about 6 years ago)

Other

Published
Title
Published
2021-09-13
Title
WooCommerce Multi Currency < 2.1.18 - Authenticated Product Price Change
Published
2022-04-13
Title
RSFirewall < 1.1.25 - IP Block Bypass
Published
2022-09-26
Title
Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass
Published
2023-08-04
Title
User Access Manager < 2.2.18 - IP Spoofing
Published
2022-03-25
Title
Safe SVG < 1.9.10 - SVG Sanitisation Bypass