24 Apr 2019

Security Changes Led To Us Noticing Settings Change Vulnerability in WP Database Backup

One of the things we do to provide our customers with the best data on vulnerabilities in the WordPress plugins they use is to monitor changelogs for mentions of security fixes. Sometimes, though, the changes made don't appear to actually fix the vulnerability mentioned. Take the latest version of WP Database Backup, whose changelog entry is "Fixed Vulnerability – XSS issue". Looking at the changes made in that version, it doesn't look like the release is really doing that.

For example, one of the lines of code that was changed already had sanitization in place, which should prevent cross-site scripting (XSS): [Read more]

25 Feb 2019

Vulnerability Details: Information Disclosure in WP Database Backup

The changelog entry for the latest version of WP Database Backup is "Fixed Vulnerability". Looking at the changes made in that version, we found that what was fixed was an information disclosure vulnerability that exposed the access token used when saving backups to Google Drive.


[Read more]

28 Oct 2016

Vulnerability Details: Cross-Site Request Forgery (CSRF) Vulnerability in WP Database Backup

From time to time, vulnerabilities are fixed in a plugin without anyone putting out a report on the vulnerability, and in those cases we will put out a post detailing it. While publishing the details of a vulnerability increases the chance of it being exploited, it can also help to identify vulnerabilities that haven't been fully fixed (in some cases not fixed at all) and help to identify additional vulnerabilities in the plugin.


[Read more]