CVE-2022-1577

CVE-2022-1577: Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF

Vendor Unknown

Product Database Backup for WordPress

Weakness CWE-352 · CSRF

Published June 6, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule

Key dates

02Disclosure timeline

June 6, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1577 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2024-10448 code-projects Blood Bank Management System delete.php cross-site request forgery CVE-2024-34069 Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution CVE-2023-48323 WordPress Awesome Support Plugin <= 6.1.4 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-3150 itning Student Homework Management System cross-site request forgery CVE-2022-25614 WordPress eRoom plugin <= 1.3.7 - Cross-Site Request Forgery (CSRF) leading to Sync with Zoom Meetings vulnerability