Lucene search
K

127 matches found

CVE
CVE
added 2024/02/24 8:38 a.m.106 views

CVE-2023-5775

CVE-2023-5775 : BackWPup for WordPress stores backup destination passwords in plaintext in all versions up to 4.0.2. The root cause is plaintext storage of credentials, enabling an authenticated administrator to retrieve the password from the UI or the options table. Remediation: upgrade to a ver...

2.7CVSS4.9AI score0.00449EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/02/24 8:38 a.m.39 views

CVE-2023-5775 BackWPup <= 4.0.2 - Plaintext Storage of Backup Destination Password

The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...

2.2CVSS4.1AI score0.00449EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/24 12:0 a.m.5 views

PT-2024-14831 · WordPress · Backwpup

Name of the Vulnerable Software and Affected Versions: BackWPup plugin for WordPress versions up to, and including, 4.0.2 Description: The issue arises from the improper storage of backup destination passwords in plaintext, allowing authenticated attackers with administrator-level access to...

2.7CVSS5AI score0.00449EPSS
Exploits0References5
OSV
OSV
added 2024/01/11 9:15 a.m.3 views

CVE-2023-5504

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...

8.7CVSS7.3AI score0.00926EPSS
Exploits1References3
Prion
Prion
added 2024/01/11 9:15 a.m.20 views

Directory traversal

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...

4.7CVSS6.9AI score0.00926EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2024/01/11 8:33 a.m.34 views

CVE-2023-5504 BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...

8.7CVSS8.6AI score0.00926EPSS
Exploits1References3
CVE
CVE
added 2024/01/11 8:33 a.m.122 views

CVE-2023-5504

Summary (CVE-2023-5504) The BackWPup WordPress backup plugin is affected by a directory traversal vulnerability in versions up to and including 4.0.1, exploitable via the Log File Folder. The underlying issue allows an authenticated attacker with plugin access to store backups in arbitrary server...

8.7CVSS8.4AI score0.00926EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/11 8:33 a.m.37 views

CVE-2023-5504 BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...

8.7CVSS7.3AI score0.00926EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.3 views

WordPress Plugin BackWPup Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.7CVSS6.8AI score0.00926EPSS
Exploits1References4
WPVulnDB
WPVulnDB
added 2023/11/24 12:0 a.m.23 views

BackWPup < 4.0.2 - Authenticated (Administrator+) Directory Traversal

Description The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...

8.7CVSS6.8AI score0.00926EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2023/11/23 12:0 a.m.23 views

WordPress BackWPup Plugin <= 4.0.1 is vulnerable to Path Traversal

Software BackWPup Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.0.2 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2023-5504 Patch priority Low CVSS severity Low 8.7 Developer Claim ownership PSID 40bd5e9852bb Credits Marco Wotschka Required privilege Administrator Publishe...

8.7CVSS7.2AI score0.00926EPSS
Exploits1References3Affected Software1
Packet Storm
Packet Storm
added 2018/12/04 12:0 a.m.54 views

WordPress BackWpUP 3.6.6 Database Disclosure

Exploit Title : WordPress BackWpUP Plugins 3.6.6 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 02/12/2018 Vendor Homepage : wordpress.org/plugins/backwpup/ Software Download Link : downloads.wordpress.org/plugin/backwpup.3.6.6.zip...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2018/08/30 2:33 p.m.25 views

Automattic: WooCommerce Blacklist in 'map_meta_cap' leads to Privilege Escalation of Shopmanagers

When the Shopmanager role is defined for the first time, it receives the following WordPress core privileges: // Shop manager role. addrole 'shopmanager', 'Shop manager', array 'level9' = true, 'level8' = true, 'level7' = true, 'level6' = true, 'level5' = true, 'level4' = true, 'level3' = true,...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2017/09/29 12:0 a.m.20 views

WordPress BackWPup Plugin < 3.4.2 Brute Force Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112061";...

7.5CVSS7.6AI score0.01671EPSS
Exploits1References2
OSV
OSV
added 2017/09/28 1:29 a.m.2 views

CVE-2017-2551

Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download...

7.5CVSS5.8AI score0.01671EPSS
Exploits1References2
NVD
NVD
added 2017/09/28 1:29 a.m.15 views

CVE-2017-2551

Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download...

7.5CVSS7.5AI score0.01671EPSS
Exploits1References2
Prion
Prion
added 2017/09/28 1:29 a.m.11 views

Design/Logic Flaw

Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download...

5CVSS7.5AI score0.01671EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2017/09/28 12:0 a.m.14 views

WordPress BackWPup plugin <=3.4.1 - Unrestricted Backup File Download

Unrestricted Backup File Download vulnerability found by Larry W. Cashdollar in WordPress BackWPup plugin versions =3.4.1. Backup files are stored insecurely and could be discovered by Google dork and exploited further even for brute-forcing. Solution Update the WordPress BackWPup plugin to the...

3.3AI score
Exploits0References1Affected Software1
CNVD
CNVD
added 2017/09/28 12:0 a.m.5 views

Wordpress BackWPup Plugin File Download Vulnerability

WordPress is the WordPress Software Foundation a set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site.BackWPup is one of the automatic backup plugin. A security vulnerability exists in versions of the Wordpress BackWPup...

7.5CVSS7.3AI score0.01671EPSS
Exploits1References1
CVE
CVE
added 2017/09/27 4:0 p.m.56 views

CVE-2017-2551

The CVE concerns the WordPress BackWPup plugin, versions prior to 3.4.2, which allows brute-force download of backup files. Affected component: BackWPup WordPress plugin; root cause is a vulnerability enabling unauthorized retrieval of backups over the network. Impact: potential exposure of backu...

7.5CVSS7.5AI score0.01671EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder