The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups.
WordPress Database Backups plugin version 1.2.2.6 suffers from a cross site request forgery vulnerability in the databased backup download functionality.