
CVE-2024-13910 – Database Backup and check Tables Automated With Scheduler 2024 <= 2.36 - Authenticated (Administrator+) Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-13910
28 Feb 2025 — The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'database_backup_ajax_delete' function in all versions up to, and including, 2.35. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The vulnerabi... • https://plugins.trac.wordpress.org/browser/database-backup/trunk/database-backup.php#L267 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2024-13911 – Database Backup and check Tables Automated With Scheduler 2024 <= 2.35 - Authenticated (Administrator+) Sensitive Information Exposure
https://notcve.org/view.php?id=CVE-2024-13911
28 Feb 2025 — The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data including full database credentials. • https://plugins.trac.wordpress.org/browser/database-backup/trunk/dashboard/backup.php#L62 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-12850 – Database Backup and check Tables Automated With Scheduler 2024 <= 2.32 - Authenticated (Admin+) Arbitrary File Read
https://notcve.org/view.php?id=CVE-2024-12850
23 Dec 2024 — The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_download() function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. • http://plugins.svn.wordpress.org/database-backup/tags/2.32/functions/download.php • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •