CVE-2013-4626

2013-09-2615:55:00

CWE-79

[email protected]

web.nvd.nist.gov

security

vulnerability

xss

backwpup

wordpress

nvd

cve-2013-4626

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.1%

JSON

Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php.

CPENameOperatorVersion
marketpress:backwpup_pluginmarketpress backwpup pluginle3.0.12
marketpress:backwpup_pluginmarketpress backwpup plugineq3.0
marketpress:backwpup_pluginmarketpress backwpup plugineq3.0.1
marketpress:backwpup_pluginmarketpress backwpup plugineq3.0.2
marketpress:backwpup_pluginmarketpress backwpup plugineq3.0.3
marketpress:backwpup_pluginmarketpress backwpup plugineq3.0.4
marketpress:backwpup_pluginmarketpress backwpup plugineq3.0.5
marketpress:backwpup_pluginmarketpress backwpup plugineq3.0.6
marketpress:backwpup_pluginmarketpress backwpup plugineq3.0.7
marketpress:backwpup_pluginmarketpress backwpup plugineq3.0.8

CPE	Name	Operator	Version
marketpress:backwpup_plugin	marketpress backwpup plugin	le	3.0.12
marketpress:backwpup_plugin	marketpress backwpup plugin	eq	3.0
marketpress:backwpup_plugin	marketpress backwpup plugin	eq	3.0.1
marketpress:backwpup_plugin	marketpress backwpup plugin	eq	3.0.2
marketpress:backwpup_plugin	marketpress backwpup plugin	eq	3.0.3
marketpress:backwpup_plugin	marketpress backwpup plugin	eq	3.0.4
marketpress:backwpup_plugin	marketpress backwpup plugin	eq	3.0.5
marketpress:backwpup_plugin	marketpress backwpup plugin	eq	3.0.6
marketpress:backwpup_plugin	marketpress backwpup plugin	eq	3.0.7
marketpress:backwpup_plugin	marketpress backwpup plugin	eq	3.0.8