The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue
[
{
"product": "Migration, Backup, Staging – WPvivid Backup and Migration Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "0.9.69",
"status": "affected",
"version": "0.9.69",
"versionType": "custom"
}
]
}
]