← Back

CVE-2019-25224

nvd nist
Published: Jul 25, 2025Modified: Aug 11, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: security@wordfence.com (Secondary)

Description

The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system.

Affected (1)

Wpseeds
1 product
Wp Database Backup
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Wp Database Backup
Before 5.2

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

Source: security@wordfence.com
ExploitThird Party Advisory
Source: security@wordfence.com
ExploitThird Party Advisory
Source: security@wordfence.com
Patch
Source: security@wordfence.com
Exploit
Source: security@wordfence.com
ExploitThird Party Advisory
Source: security@wordfence.com
Third Party Advisory

Timeline

No history available yet.