The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup...
7.5CVSS
7.2AI Score
0.001EPSS
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through...
5.4CVSS
5.6AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPvivid Team WPvivid Backup for MainWP allows Reflected XSS.This issue affects WPvivid Backup for MainWP: from n/a through...
7.1CVSS
7.2AI Score
0.0005EPSS
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite...
6.5AI Score
0.0004EPSS
The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers,...
9.1CVSS
7.6AI Score
0.001EPSS
Veeam Backup Enterprise Manager allows high-privileged users to read backup session...
2.7CVSS
6.6AI Score
0.0004EPSS
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise manager service...
7.2CVSS
9.2AI Score
0.0004EPSS
8.8CVSS
6.8AI Score
0.0004EPSS
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web...
9.8CVSS
6.8AI Score
0.0004EPSS
Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation.This issue affects WPvivid Backup and Migration: from n/a through...
8.8CVSS
6.8AI Score
0.0004EPSS
The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpvideo shortcode in all versions up to, and including, 13.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it....
6.4CVSS
5.7AI Score
0.0004EPSS
The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber access or...
4.3CVSS
6.4AI Score
0.0004EPSS
The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract....
5.3CVSS
6.3AI Score
0.0004EPSS
Insertion of Sensitive Information into Log File vulnerability in Inisev Backup Migration.This issue affects Backup Migration: from n/a through...
5.3CVSS
6.8AI Score
0.0004EPSS
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html...
7.6AI Score
0.0004EPSS
The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite...
9.2AI Score
0.0004EPSS
WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This is due to the plugin not providing sufficient path validation on the....
7.2CVSS
6.7AI Score
0.0004EPSS
Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through...
3.7CVSS
9.3AI Score
0.0004EPSS
The Backup and Restore WordPress WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such...
6.3AI Score
0.0004EPSS
The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive...
9.1AI Score
0.0004EPSS
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers to have an account with only...
4.9CVSS
9.2AI Score
0.0004EPSS
The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
6.1CVSS
6.4AI Score
0.0004EPSS
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a....
6.5CVSS
7.3AI Score
0.0004EPSS
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
9.8CVSS
9.6AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin.This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through...
6.5CVSS
6.4AI Score
0.0004EPSS
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...
2.2CVSS
4.9AI Score
0.0004EPSS
A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode is not affected)...
6.7AI Score
0.0004EPSS
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive...
7.5CVSS
7.5AI Score
0.0005EPSS
The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain...
5.3CVSS
6.1AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.001EPSS
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo...
8.8CVSS
9AI Score
0.002EPSS
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime...
8.8CVSS
9AI Score
0.002EPSS
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK...
8.8CVSS
9AI Score
0.002EPSS
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root...
9.8CVSS
9.4AI Score
0.001EPSS
The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which...
7.5CVSS
7.6AI Score
0.001EPSS
The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to...
6.5CVSS
5.2AI Score
0.001EPSS
The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to...
7.5CVSS
7.2AI Score
0.001EPSS
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...
8.7CVSS
8.4AI Score
0.0005EPSS
The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's...
7.5CVSS
7.3AI Score
0.001EPSS
The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups...
7.5CVSS
7.4AI Score
0.002EPSS
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin.This issue affects Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin: from n/a through...
7.5CVSS
7.6AI Score
0.001EPSS
outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted...
9.8CVSS
9.8AI Score
0.003EPSS
The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of...
9.8CVSS
9.7AI Score
0.004EPSS
The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host...
7.2CVSS
8AI Score
0.002EPSS
The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to...
9.8CVSS
9.7AI Score
0.005EPSS
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote...
9.8CVSS
9.8AI Score
0.929EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through...
6.5CVSS
5.8AI Score
0.0004EPSS
The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin...
4.3CVSS
4.9AI Score
0.0004EPSS
The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting...
5.4CVSS
5.5AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP All Backup plugin <= 2.4.3...
8.8CVSS
8.7AI Score
0.001EPSS