Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP All Backup plugin <= 2.4.3...
8.8CVSS
8.7AI Score
0.001EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Backup Solutions WP Backup Manager plugin <= 1.13.1...
7.1CVSS
6AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JetBackup JetBackup β WP Backup, Migrate & Restore plugin <= 1.6.9.0...
4.8CVSS
5.2AI Score
0.001EPSS
The JetBackup β WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible...
4.3CVSS
4.2AI Score
0.001EPSS
The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite...
4.8CVSS
4.8AI Score
0.001EPSS
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing...
7.5CVSS
7.4AI Score
0.003EPSS
6.1CVSS
6.3AI Score
0.001EPSS
6.1CVSS
6.4AI Score
0.001EPSS
6.1CVSS
6.4AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS
The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath']...
7.4AI Score
0.012EPSS