5.8
CVE-2022-1577
- EPSS 0.4%
- Veröffentlicht 08.06.2022 10:15:09
- Zuletzt bearbeitet 21.11.2024 06:41:00
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginDatabase Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF
Database Backup for WordPress <= 2.5.1 - Cross-Site Request Forgery to Settings Update
The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule
Mögliche Gegenmaßnahme
Database Backup for WordPress: Update to version 2.5.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Deliciousbrains ≫ Database Backup SwPlatformwordpress Version < 2.5.2
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Database Backup for WordPress
Version
[*, 2.5.2)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.318 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
https://wpscan.com/vulnerability/39388900-266d-4308-88e7-d40ca6bbe346
https://www.wordfence.com/threat-intel/vulnerabilities/id/211350ac-24c4-4aa7-aea6-5dc44f753185