← Back

Wpseeds

wpseeds

9 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Wp Database Backup
wp_database_backup
8 CVEs
Wp User
wp_user
1 CVE

CVEs (9)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-25224
1Wpseeds
1Wp Database Backup
Aug 11, 2025
Jul 25, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on th...Show more
The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system.Show less
CVE-2022-4519
1Wpseeds
1Wp User
Apr 8, 2026
Dec 15, 2022
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it po...Show more
The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.Show less
CVE-2022-2271
1Wpseeds
1Wp Database Backup
Nov 21, 2024
Sep 5, 2022
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capabi...Show more
The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2020-7241
1Wpseeds
1Wp Database Backup
Nov 21, 2024
Jan 20, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, g...Show more
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.Show less
CVE-2019-14949
1Wpseeds
1Wp Database Backup
Nov 21, 2024
Aug 12, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The wp-database-backup plugin before 5.1.2 for WordPress has XSS.
CVE-2016-10876
1Wpseeds
1Wp Database Backup
Nov 21, 2024
Aug 12, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The wp-database-backup plugin before 4.3.1 for WordPress has CSRF.
CVE-2016-10875
1Wpseeds
1Wp Database Backup
Nov 21, 2024
Aug 12, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The wp-database-backup plugin before 4.3.1 for WordPress has XSS.
CVE-2016-10874
1Wpseeds
1Wp Database Backup
Nov 21, 2024
Aug 12, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.
CVE-2016-10873
1Wpseeds
1Wp Database Backup
Nov 21, 2024
Aug 12, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The wp-database-backup plugin before 4.3.3 for WordPress has XSS.