CVE-2024-13911

high

Description

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data including full database credentials.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/c548b70a-8566-4aaf-a3a2-fce6c19e6a0c?source=cve

https://plugins.trac.wordpress.org/changeset/3247917/

https://plugins.trac.wordpress.org/browser/database-backup/trunk/dashboard/backup.php#L66

https://plugins.trac.wordpress.org/browser/database-backup/trunk/dashboard/backup.php#L65

https://plugins.trac.wordpress.org/browser/database-backup/trunk/dashboard/backup.php#L64

https://plugins.trac.wordpress.org/browser/database-backup/trunk/dashboard/backup.php#L63

https://plugins.trac.wordpress.org/browser/database-backup/trunk/dashboard/backup.php#L62

Details

Source: Mitre, NVD

Published: 2025-03-01

Updated: 2025-03-01

Risk Information

CVSS v2

Base Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00102