PT-2025-9163 · WordPress · Database Backup/Check Tables Automated With Scheduler 2024

Dzmitry Sviatlichny

Published

2025-03-01

Updated

2025-03-06

CVE-2024-13911

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress versions up to and including 2.35

Description The issue allows authenticated attackers with Administrator-level access and above to extract sensitive data, including full database credentials, via the "dashboard/backup.php" file.

Recommendations For versions up to and including 2.35, consider restricting access to the /dashboard/backup.php file until a patch is available. As a temporary workaround, limit Administrator-level access to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2024-13911

Affected Products

Database Backup/Check Tables Automated With Scheduler 2024

PT-2025-9163 · WordPress · Database Backup/Check Tables Automated With Scheduler 2024

CVE-2024-13911

Weakness Enumeration

Related Identifiers

Affected Products

References · 15