CVE-2022-1577

Name of the Vulnerable Software and Affected Versions Database Backup for WordPress versions prior to 2.5.2

Description The issue is related to the lack of a CSRF check when updating schedule backup settings. This could allow an attacker to make a logged-in admin change these settings via a CSRF attack, potentially leading to cases where attackers can send backup notification emails to themselves or disable the automatic backup schedule.

Recommendations For versions prior to 2.5.2, update to version 2.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the schedule backup settings to minimize the risk of exploitation.