CVE-2019-25224

Critical CVSS 9.8

Overview

The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system.

CWE: CWE-78 Published: 2025-07-25T03:15:32.690

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.8 (CRITICAL)
Detected tags: command_injection, wordpress (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags