Lucene search
K

42 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:40 a.m.10 views

CVE-2023-5505

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...

6.8CVSS6.7AI score0.00981EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:12 a.m.13 views

CVE-2013-4626

Cross-site scripting XSS vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php...

4.3CVSS6AI score0.02058EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:59 a.m.8 views

CVE-2011-4342

PHP remote file inclusion vulnerability in wpxmlexport.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter...

7.5CVSS8AI score0.10403EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:52 a.m.8 views

CVE-2011-5208

Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. dot dot in the wpabs parameter to 1 app/options-viewlog-iframe.php or 2 app/options-runnow-iframe.php...

5CVSS7.3AI score0.0326EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/08/17 12:0 a.m.8 views

PT-2024-14814 · WordPress · Backwpup

Name of the Vulnerable Software and Affected Versions: BackWPup plugin for WordPress versions up to, and including, 4.0.1 Description: The issue allows authenticated attackers to store backups in arbitrary folders on the server, provided they can be written to by the server. This is achieved via...

6.8CVSS6.6AI score0.00981EPSS
Exploits0References10
Patchstack
Patchstack
added 2024/04/09 2:46 a.m.6 views

WordPress BackWPup plugin < 4.0.4 - Unauthenticated Backup Download vulnerability

Unauthenticated Backup Download vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin BackWPup versions 4.0.4...

7.5CVSS7AI score0.02261EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2024/04/08 6:15 p.m.4 views

CVE-2023-7164

The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database...

7.5CVSS5.8AI score0.02261EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.5 views

PT-2024-15217

Name of the Vulnerable Software and Affected Versions BackWPup WordPress plugin versions prior to 4.0.4 Description The issue allows unauthenticated attackers to download backups of a site's database due to the lack of prevention of Directory Listing in the temporary backup folder. This exposes...

7.5CVSS6.7AI score0.02261EPSS
Exploits2References10
OSV
OSV
added 2024/02/26 4:27 p.m.4 views

CVE-2023-5775

The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...

2.7CVSS7.3AI score0.00449EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/24 8:38 a.m.22 views

CVE-2023-5775 BackWPup <= 4.0.2 - Plaintext Storage of Backup Destination Password

The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...

2.2CVSS6.5AI score0.00449EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/24 8:38 a.m.39 views

CVE-2023-5775 BackWPup <= 4.0.2 - Plaintext Storage of Backup Destination Password

The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...

2.2CVSS4.1AI score0.00449EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/24 12:0 a.m.5 views

PT-2024-14831 · WordPress · Backwpup

Name of the Vulnerable Software and Affected Versions: BackWPup plugin for WordPress versions up to, and including, 4.0.2 Description: The issue arises from the improper storage of backup destination passwords in plaintext, allowing authenticated attackers with administrator-level access to...

2.7CVSS5AI score0.00449EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.3 views

WordPress Plugin BackWPup Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.7CVSS6.8AI score0.00926EPSS
Exploits1References4
Hacker One
Hacker One
added 2018/08/30 2:33 p.m.25 views

Automattic: WooCommerce Blacklist in 'map_meta_cap' leads to Privilege Escalation of Shopmanagers

When the Shopmanager role is defined for the first time, it receives the following WordPress core privileges: // Shop manager role. addrole 'shopmanager', 'Shop manager', array 'level9' = true, 'level8' = true, 'level7' = true, 'level6' = true, 'level5' = true, 'level4' = true, 'level3' = true,...

0.1AI score
Exploits0
OSV
OSV
added 2017/09/28 1:29 a.m.2 views

CVE-2017-2551

Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download...

7.5CVSS5.8AI score0.01671EPSS
Exploits1References2
CNVD
CNVD
added 2017/09/28 12:0 a.m.4 views

Wordpress BackWPup Plugin File Download Vulnerability

WordPress is the WordPress Software Foundation a set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site.BackWPup is one of the automatic backup plugin. A security vulnerability exists in versions of the Wordpress BackWPup...

7.5CVSS7.3AI score0.01671EPSS
Exploits1References1
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.6 views

WordPress BackWPUp Plugin 1.7.1 - Remote & Local Code Execution

This plugin is prone to remote and local code execution vulnerability. Solution Update the plugin...

3.1AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 2013/09/26 3:0 p.m.57 views

CVE-2013-4626

Cross-site scripting XSS vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php...

5.7AI score0.02058EPSS
Exploits3References5
Prion
Prion
added 2012/10/08 6:55 p.m.16 views

Directory traversal

Multiple directory traversal vulnerabilities in the BackWPup plugin before 1.4.1 for WordPress allow remote attackers to read arbitrary files via a .. dot dot in the wpabs parameter to 1 app/options-viewlog-iframe.php or 2 app/options-runnow-iframe.php...

5CVSS7.5AI score0.0326EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2012/10/08 6:0 p.m.54 views

CVE-2011-4342

The CVE-2011-4342 vulnerability affects the BackWPup WordPress plugin, specifically the wp_xml_export.php component. It allows remote PHP code execution via a URL in the wpabs parameter due to insecure handling in the BackWPup plugin versions prior to 1.7.2. If exploited, an attacker could run ar...

7.5CVSS7.8AI score0.10403EPSS
Exploits1References9Affected Software1
Rows per page
Query Builder