Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 6
Critical: 0
High: 3
Medium: 3
Showing 1-6 of 6 records
Threat Entry Updated 2025-03-01

CVE-2024-13910 - Database Backup Plugin

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'database_backup_ajax_delete' function in all versions up to, and including, 2.35. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The vulnerability was partially patched in version 2.36.

PLUGIN Database Backup

CVE-2024-13910

HIGH CVSS 7.2 2025-03-01
Threat Entry Updated 2025-03-01

CVE-2024-13911 - Database Backup Plugin

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data including full database credentials.

PLUGIN Database Backup

CVE-2024-13911

HIGH CVSS 7.2 2025-03-01
Threat Entry Updated 2024-12-24

CVE-2024-12850 - Database Backup Plugin

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_download() function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

PLUGIN Database Backup

CVE-2024-12850

MEDIUM CVSS 4.9 2024-12-24
Threat Entry Updated 2024-11-21

CVE-2022-1577 - Database Backup Plugin

The Database Backup for WordPress plugin before 2.5.2 does not have a CSRF check in place when updating the scheduled backup settings, which could allow an attacker to make a logged-in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details, or disable the automatic backup schedule.

PLUGIN Database Backup

CVE-2022-1577

MEDIUM CVSS 5.4 2022-06-08
Threat Entry Updated 2024-11-21

CVE-2022-0255 - Database Backup Plugin

The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue.

PLUGIN Database Backup

CVE-2022-0255

HIGH CVSS 7.2 2022-02-21
Threat Entry Updated 2024-11-21

CVE-2021-24322 - Database Backup Plugin

The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter before outputting it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue.

PLUGIN Database Backup

CVE-2021-24322

MEDIUM CVSS 5.4 2021-06-01