42 matches found
CVE-2023-5505
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...
CVE-2013-4626
Cross-site scripting XSS vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php...
CVE-2011-4342
PHP remote file inclusion vulnerability in wpxmlexport.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter...
CVE-2011-5208
Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. dot dot in the wpabs parameter to 1 app/options-viewlog-iframe.php or 2 app/options-runnow-iframe.php...
PT-2024-14814 · WordPress · Backwpup
Name of the Vulnerable Software and Affected Versions: BackWPup plugin for WordPress versions up to, and including, 4.0.1 Description: The issue allows authenticated attackers to store backups in arbitrary folders on the server, provided they can be written to by the server. This is achieved via...
WordPress BackWPup plugin < 4.0.4 - Unauthenticated Backup Download vulnerability
Unauthenticated Backup Download vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin BackWPup versions 4.0.4...
CVE-2023-7164
The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database...
PT-2024-15217
Name of the Vulnerable Software and Affected Versions BackWPup WordPress plugin versions prior to 4.0.4 Description The issue allows unauthenticated attackers to download backups of a site's database due to the lack of prevention of Directory Listing in the temporary backup folder. This exposes...
CVE-2023-5775
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...
CVE-2023-5775 BackWPup <= 4.0.2 - Plaintext Storage of Backup Destination Password
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...
CVE-2023-5775 BackWPup <= 4.0.2 - Plaintext Storage of Backup Destination Password
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...
PT-2024-14831 · WordPress · Backwpup
Name of the Vulnerable Software and Affected Versions: BackWPup plugin for WordPress versions up to, and including, 4.0.2 Description: The issue arises from the improper storage of backup destination passwords in plaintext, allowing authenticated attackers with administrator-level access to...
WordPress Plugin BackWPup Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
Automattic: WooCommerce Blacklist in 'map_meta_cap' leads to Privilege Escalation of Shopmanagers
When the Shopmanager role is defined for the first time, it receives the following WordPress core privileges: // Shop manager role. addrole 'shopmanager', 'Shop manager', array 'level9' = true, 'level8' = true, 'level7' = true, 'level6' = true, 'level5' = true, 'level4' = true, 'level3' = true,...
CVE-2017-2551
Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download...
Wordpress BackWPup Plugin File Download Vulnerability
WordPress is the WordPress Software Foundation a set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site.BackWPup is one of the automatic backup plugin. A security vulnerability exists in versions of the Wordpress BackWPup...
WordPress BackWPUp Plugin 1.7.1 - Remote & Local Code Execution
This plugin is prone to remote and local code execution vulnerability. Solution Update the plugin...
CVE-2013-4626
Cross-site scripting XSS vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php...
Directory traversal
Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. dot dot in the wpabs parameter to 1 app/options-viewlog-iframe.php or 2 app/options-runnow-iframe.php...
CVE-2011-4342
The CVE-2011-4342 vulnerability affects the BackWPup WordPress plugin, specifically the wp_xml_export.php component. It allows remote PHP code execution via a URL in the wpabs parameter due to insecure handling in the BackWPup plugin versions prior to 1.7.2. If exploited, an attacker could run ar...