The wp-database-backup plugin before 5.1.2 for WordPress has XSS.

*   Details
*   Reviews
*   Installation
*   Development

WP Database Backup plugin helps you to create Database Backup and Restore Database Backup easily on single click. Manual or Automated Database Backups And also store database backup on safe place- Dropbox,FTP,Email,Google drive, Amazon S3

**Features**

*   Create Database Backup  
    WP Database Backup plugin helps you to create Database Backup easily on single click.
*   Auto Backup  
    Backup automatically on a repeating **schedule**
*   Download backup file direct from your WordPress dashboard
*   Easy To Install(Very easy to use)  
    WP Database Backup is super easy to install.
*   Simple to configure(very less configuration), less than a minute.
*   Restore Database Backup  
    WP Database Backup plugin helps you to Restore Database Backup easily on single click.
*   Multiple storage destinations
*   Store database backup on safe place- **Dropbox, Google drive, Amazon s3,FTP,Email**
*   Reporting- Sends emailed backups and backup reports to any email addresses
*   **Exclude Table**
*   Database backup list pagination
*   Search and Replace in database backup file.
*   Search backup from list(Date/ Database Size)
*   Sort backup list (Date/ Database Size)
*   Save database backup file in zip format on local server And Send database backup file to destination in zip format
*   Documentation

**Support**

*   https://backupforwp.com/support

1.  Download the plugin file, unzip and place it in your wp-content/plugins/ folder. You can alternatively upload it via the WordPress plugin backend.
2.  Activate the plugin through the ‘Plugins’ menu in WordPress.
3.  WP Database Backup menu will appear in Dashboard->Backups. Click on it & get started to use.

**How to create database Backup?**

Follow the steps listed below to Create Database Backup

Create Backup:

1) Click on Create New Database Backup

2) Download Database Backup file.

**How to restore database backup?**

Restore Backup:

Click on Restore Database Backup

OR

1)Login to phpMyAdmin

2)Click Databases and select the database that you will be importing your data into.

3)Across the top of the screen will be a row of tabs. Click the Import tab.

4)On the next screen will be a location of text file box, and next to that a button named Browse.

5)Click Browse. Locate the backup file stored on your computer.

6)Click the Go button

**Always get an empty (0 bits) backup file?**

This is generally caused by an access denied problem.

You don’t have permission to write in the wp-content/uploads.

Please check if you have the read write permission on the folder.

**On Click Create New Database Backup it goes to blank page**

if the site is very large, it takes time to create the database backup. And if the server execution time is set to low value, you get go to blank page.  
There may be chance your server max execution time is 30 second. Please check debug log file.  
You will need to ask your hosting services to increase the execution time and the plugin will work fine for large data.  
You can also try to increase execution time. Please make below changes – Add below line

php.ini

max\_execution\_time = 180 ;

Also Please make sure that you have write permission to Backup folder and also check your log file.

**Want more features?**

If you want more features then please contact us at

Very good tool, it does its job as describe.

Easy to use UI and just does the job nicely ! Great Plugin 🙂

Great backup plugin with an overall great and useable interface.

I don't know why, but with Wordpress 5.9 this plugin is broken.

WP Database Backup is all that you need to make database backups. This is really an amazing plugin, probably the best plugin to back up a WordPress database. I really love the scheduling feature. Just a question, does it offer an API to schedule the backups using an external cron? It would be great if you can trigger the automatic backups using the cron of the server instead of the inbuilt WP cron. Because all the pages are served by server cache, I would prefer an external cron.

Does not restore the database. Had to restore it using phpmyadmin. Scheduler does not work as intended. Just keep taking hourly backups. You can't set it to twice daily or daily etc. Author does not respond to queries in support forum on time.

Read all 72 reviews

“WP Database Backup – Unlimited Database & Files Backup by Backup for WP” is open source software. The following people have contributed to this plugin.

Contributors

CVE-2019-14949: WP Database Backup – Unlimited Database & Files Backup by Backup for WP

The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.

CVE-2015-9306: Import All Pages, Post types, Products, Orders, and Users as XML & CSV

The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.

CVE-2019-14799: FV Flowplayer Video Player

The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.

CVE-2019-14787: Newsletters

The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter.

CVE-2019-14792

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.

CVE-2019-14683: Import and export users and customers

The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter.

CVE-2019-14774

A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php.

Timestamp:

07/25/2019 09:33:24 AM (4 years ago)

webdorado

Message:

Fixed: security issue  

Location:

photo-gallery/trunk

Files:

  

*   filemanager/model.php (2 diffs)
*   photo-gallery.php (2 diffs)
*   readme.txt (2 diffs)

**Legend:**

Unmodified

Added

Removed

*   **photo-gallery/trunk/filemanager/model.php**
    
    r2087021
    
    r2128378
    
     
    
    50
    
    50
    
            $orderby = $params\['orderby'\];
    
    51
    
    51
    
            $order = $params\['order'\];
    
     
    
    52
    
        if ( $orderby != 'size' && $orderby != 'name' ) {
    
     
    
    53
    
          $orderby = 'date\_modified';
    
     
    
    54
    
        }
    
     
    
    55
    
        if ( $order != 'asc' ) {
    
     
    
    56
    
          $order = 'desc';
    
     
    
    57
    
        }
    
    52
    
    58
    
            $search = $params\['search'\];
    
    53
    
    59
    
            $page\_num = $params\['page\_num'\];
    
    …
    
    …
    
     
    
    149
    
    155
    
            $orderby = $params\['orderby'\];
    
    150
    
    156
    
            $order = $params\['order'\];
    
     
    
    157
    
        if ( $orderby != 'size' && $orderby != 'name' ) {
    
     
    
    158
    
          $orderby = 'date\_modified';
    
     
    
    159
    
        }
    
     
    
    160
    
        if ( $order != 'asc' ) {
    
     
    
    161
    
          $order = 'desc';
    
     
    
    162
    
        }
    
    151
    
    163
    
    152
    
    164
    
            $query  = ' SELECT \* FROM \`' . $wpdb->prefix . 'bwg\_file\_paths\`';
    
*   **photo-gallery/trunk/photo-gallery.php**
    
    r2120867
    
    r2128378
    
     
    
    4
    
    4
    
     \* Plugin URI: https://10web.io/plugins/wordpress-photo-gallery/?utm\_source=photo\_gallery&utm\_medium=free\_plugin
    
    5
    
    5
    
     \* Description: This plugin is a fully responsive gallery plugin with advanced functionality.  It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.
    
    6
    
     
    
     \* Version: 1.5.30
    
     
    
    6
    
     \* Version: 1.5.31
    
    7
    
    7
    
     \* Author: Photo Gallery Team
    
    8
    
    8
    
     \* Author URI: https://10web.io/plugins/?utm\_source=photo\_gallery&utm\_medium=free\_plugin
    
    …
    
    …
    
     
    
    85
    
    85
    
        $this->plugin\_url = plugins\_url(plugin\_basename(dirname(\_\_FILE\_\_)));
    
    86
    
    86
    
        $this->main\_file = plugin\_basename(\_\_FILE\_\_);
    
    87
    
     
    
        $this->plugin\_version = '1.5.30';
    
    88
    
     
    
        $this->db\_version = '1.5.30';
    
     
    
    87
    
        $this->plugin\_version = '1.5.31';
    
     
    
    88
    
        $this->db\_version = '1.5.31';
    
    89
    
    89
    
        $this->prefix = 'bwg';
    
    90
    
    90
    
        $this->nicename = \_\_('Photo Gallery', $this->prefix);
    
*   **photo-gallery/trunk/readme.txt**
    
    r2120867
    
    r2128378
    
     
    
    4
    
    4
    
    Requires at least: 3.4
    
    5
    
    5
    
    Tested up to: 5.2
    
    6
    
     
    
    Stable tag: 1.5.30
    
     
    
    6
    
    Stable tag: 1.5.31
    
    7
    
    7
    
    License: GPLv2 or later
    
    8
    
    8
    
    License URI: http://www.gnu.org/licenses/gpl-2.0.html
    
    …
    
    …
    
     
    
    282
    
    282
    
    283
    
    283
    
    \== Changelog ==
    
     
    
    284
    
     
    
    285
    
    \= 1.5.31 =
    
     
    
    286
    
    \* Fixed: Vulnerability.
    
    284
    
    287
    
    285
    
    288
    
    \= 1.5.30 =
    

**Note:** See TracChangeset for help on using the changeset viewer.

CVE-2019-14313: Changeset 2128378 – WordPress Plugin Repository

A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.

CVE-2019-13571

WebAppick WooCommerce Product Feed 2.2.18 and earlier is affected by: Cross Site Scripting (XSS). The impact is: XSS to RCE via editing theme files in WordPress. The component is: admin/partials/woo-feed-manage-list.php:63. The attack vector is: Administrator must be logged in.

Tag

#wordpress