CVE-2017-1000086

Name of the Vulnerable Software and Affected Versions Periodic Backup Plugin (affected versions not specified)

Description The issue allows any user with Overall/Read access to modify the plugin's settings, initiate backups, restore backups, download backups, and delete previous backups through log rotation. This is due to the lack of permission checks. Furthermore, the plugin is vulnerable to Cross-Site Request Forgery attacks because it does not require requests to its API to be sent via POST.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.