cbcvebase.

Neoslab Database Toolset vulnerabilities

3 known vulnerabilities affecting neoslab/database_toolset.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-3065P2CRITICALCVSS 9.1≤ 1.8.42025-04-24
CVE-2025-3065 [CRITICAL] CWE-22 CVE-2025-3065: The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path v The Database Toolset plugin is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp
nvd
CVE-2025-32633P3HIGHCVSS 8.6≤ 1.8.42025-04-11
CVE-2025-32633 [HIGH] CWE-22 CVE-2025-32633: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in neos Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in neoslab Database Toolset database-toolset allows Path Traversal.This issue affects Database Toolset: from n/a through <= 1.8.4.
nvd
CVE-2025-4222P3MEDIUMCVSS 5.9≤ 1.8.42025-05-03
CVE-2025-4222 [MEDIUM] CWE-200 CVE-2025-4222: The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all ver The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. This makes it possible for unauthenticated attackers to extract sensitive data from database backup files. An index file is present, so a brute force attack wou
nvd
Neoslab Database Toolset vulnerabilities | cvebase