CVE-2021-24174

CVE-2021-24174: Database Backups <= 1.2.2.6 - CSRF to Backup Download

Vendor Unknown
Product Database Backups
Weakness CWE-352 · CSRF
Published April 5, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups.

Key dates

02Disclosure timeline

April 5, 2021 CVE published
August 3, 2024 Record updated