Lucene search

CVE-2022-4897

🗓️ 21 Feb 2023 09:11:15Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 65 Views🌐 WEB

The BackupBuddy WordPress plugin before 8.8.3 is vulnerable to Reflected Cross-Site Scriptin

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 10
RedhatCVE	CVE-2022-4897	23 May 202500:30	–	redhatcve
Nuclei	WordPress BackupBuddy <8.8.3 - Cross Site Scripting	5 Mar 202313:42	–	nuclei
Patchstack	WordPress BackupBuddy Plugin < 8.8.3 is vulnerable to Cross Site Scripting (XSS)	31 Jan 202300:00	–	patchstack
NVD	CVE-2022-4897	21 Feb 202309:15	–	nvd
WPVulnDB	BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting	30 Jan 202300:00	–	wpvulndb
Vulnrichment	CVE-2022-4897 BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting	21 Feb 202308:50	–	vulnrichment
Prion	Cross site scripting	21 Feb 202309:15	–	prion
Cvelist	CVE-2022-4897 BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting	21 Feb 202308:50	–	cvelist
wpexploit	BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting	30 Jan 202300:00	–	wpexploit
Wordfence Blog	Wordfence Intelligence CE Weekly Vulnerability Report (1-30-2023 to 2-5-2023)	9 Feb 202315:31	–	wordfence

Nvd

Vulners

Node

ithemes backupbuddyRange<8.8.3wordpress

[
  {
    "vendor": "Unknown",
    "product": "BackupBuddy",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "8.8.3"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/7b0eeafe-b9bc-43b2-8487-a23d3960f73f

Parameter	Position	Path	Description	CWE
step	request body	/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=migrate_status	Reflected Cross-Site Scripting due to lack of sanitization of input parameters.	CWE-79
file	request body	/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=remote_send	Reflected Cross-Site Scripting due to lack of sanitization of input parameters.	CWE-79
archive	query param	/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=restore_file_view&archive=--!><svg/onload=alert(/XSS/)>-	Reflected Cross-Site Scripting due to lack of sanitization of input parameters.	CWE-79
file	query param	/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=restore_file_view&file=--!><svg/onload=alert(/XSS/)>-	Reflected Cross-Site Scripting due to lack of sanitization of input parameters.	CWE-79
serial	query param	/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=view_log&serial=	Reflected Cross-Site Scripting due to lack of sanitization of input parameters.	CWE-79
callback_data	query param	/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=destination_picker&add=local&filter=local&callback_data=	Reflected Cross-Site Scripting due to lack of sanitization of input parameters.	CWE-79
sending	query param	/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=destination_picker&add=local&filter=local&sending=	Reflected Cross-Site Scripting due to lack of sanitization of input parameters.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Feb 2023 09:15Current

6.2Medium risk

Vulners AI Score6.2

CVSS36.1

EPSS0.10682

SSVC