Primary

Context

Database Backup and Check Tables Automated With Scheduler 2024 Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability allowing sensitive information exposure has been identified in the Database Backup and Check Tables Automated With Scheduler 2024 plugin for WordPress, in all versions through 2.35. The issue resides in the dashboard/backup.php file, where authenticated attackers with Administrator-level access can access full database credentials.

Impact

Exposing sensitive information, specifically full database credentials, to authenticated users with Administrator privileges.

Reproduction

To reproduce this vulnerability, an authenticated user with Administrator-level access can navigate to the dashboard/backup.php file. The vulnerability can be exploited by accessing the backup management features, which will inadvertently expose the database credentials due to the lack of proper access controls.

Remediation

Users are advised to update the plugin to version 2.36 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.8

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.8

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Database Backup and Check Tables Automated With Scheduler 2024 Sensitive Information Exposure Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating