Description
WordPress Plugin DB Backup is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin DB Backup version 4.5 is vulnerable; prior versions may also be affected.
Remediation
Edit the source code to ensure that input is properly verified, or disable the plugin until a fix is available.
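One way to verify a user-supplied file name before it reaches the filesystem, shown as an added example and not code from the DB Backup plugin. The function name `resolve_backup_path`, the backup directory, and the sample file names are hypothetical; the advisory does not name the affected parameter or file.

```php
<?php
// Added example: hypothetical helper, not taken from the plugin's source.

/**
 * Resolve a user-supplied file name inside $baseDir.
 * Returns the canonical path, or null when the request must be rejected.
 */
function resolve_backup_path(string $baseDir, string $requested): ?string
{
    // Allowlist: a bare file name only. No separators, NUL bytes or whitespace.
    if (!preg_match('/\A[A-Za-z0-9._-]+\z/', $requested)) {
        return null;
    }
    if ($requested === '.' || $requested === '..') {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // realpath() collapses ".." and symlinks; it returns false for missing files.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }

    // Containment check. The trailing separator stops "/backups-old"
    // from passing as a child of "/backups".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo data: a temporary directory holding one sample backup file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'backup-demo-' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'site_backup.sql', "-- constructed sample\n");

foreach (['site_backup.sql', '../outside.txt', '..', 'missing.sql'] as $name) {
    $path = resolve_backup_path($dir, $name);
    printf("%-18s => %s\n", $name, $path === null ? 'rejected' : 'allowed');
}

unlink($dir . DIRECTORY_SEPARATOR . 'site_backup.sql');
rmdir($dir);
```

Only `site_backup.sql` is allowed; the other three names are rejected by the allowlist or because the file does not exist under the base directory.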
Related Vulnerabilities
Drupal Improper Input Validation Vulnerability (CVE-2010-2473)
WordPress Plugin Yoast SEO Cross-Site Scripting (22.5)
WordPress Plugin A Page Flip Book 'pageflipbook_language' Parameter Local File Include (2.3)
Drupal Core 8.x.x Cross-Site Request Forgery (8.0.0 - 8.7.14)
WordPress Plugin Post to CSV by BestWebSoft CSV Injection (1.4.0)