The multiple vulnerabilities exist due to not checking the authentication of the user properly in the wp_ajax_* action calls. This results in SQL injection, backup download, backup deletion and backup restoration in the backup feature of the plugin. Authentication is required, but this can be of any user role. Edit (WPScanTeam): Original advisory reported fixed in 4.9, however the 4.9 was missing CSRF checks, which have been added in 5.1

First seen on:

Share This: