127 matches found
CVE-2023-5775
CVE-2023-5775 : BackWPup for WordPress stores backup destination passwords in plaintext in all versions up to 4.0.2. The root cause is plaintext storage of credentials, enabling an authenticated administrator to retrieve the password from the UI or the options table. Remediation: upgrade to a ver...
CVE-2023-5775 BackWPup <= 4.0.2 - Plaintext Storage of Backup Destination Password
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...
PT-2024-14831 · WordPress · Backwpup
Name of the Vulnerable Software and Affected Versions: BackWPup plugin for WordPress versions up to, and including, 4.0.2 Description: The issue arises from the improper storage of backup destination passwords in plaintext, allowing authenticated attackers with administrator-level access to...
CVE-2023-5504
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...
Directory traversal
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...
CVE-2023-5504 BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...
CVE-2023-5504
Summary (CVE-2023-5504) The BackWPup WordPress backup plugin is affected by a directory traversal vulnerability in versions up to and including 4.0.1, exploitable via the Log File Folder. The underlying issue allows an authenticated attacker with plugin access to store backups in arbitrary server...
CVE-2023-5504 BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...
WordPress Plugin BackWPup Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
BackWPup < 4.0.2 - Authenticated (Administrator+) Directory Traversal
Description The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...
WordPress BackWPup Plugin <= 4.0.1 is vulnerable to Path Traversal
Software BackWPup Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.0.2 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2023-5504 Patch priority Low CVSS severity Low 8.7 Developer Claim ownership PSID 40bd5e9852bb Credits Marco Wotschka Required privilege Administrator Publishe...
WordPress BackWpUP 3.6.6 Database Disclosure
Exploit Title : WordPress BackWpUP Plugins 3.6.6 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 02/12/2018 Vendor Homepage : wordpress.org/plugins/backwpup/ Software Download Link : downloads.wordpress.org/plugin/backwpup.3.6.6.zip...
Automattic: WooCommerce Blacklist in 'map_meta_cap' leads to Privilege Escalation of Shopmanagers
When the Shopmanager role is defined for the first time, it receives the following WordPress core privileges: // Shop manager role. addrole 'shopmanager', 'Shop manager', array 'level9' = true, 'level8' = true, 'level7' = true, 'level6' = true, 'level5' = true, 'level4' = true, 'level3' = true,...
WordPress BackWPup Plugin < 3.4.2 Brute Force Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112061";...
CVE-2017-2551
Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download...
CVE-2017-2551
Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download...
Design/Logic Flaw
Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download...
WordPress BackWPup plugin <=3.4.1 - Unrestricted Backup File Download
Unrestricted Backup File Download vulnerability found by Larry W. Cashdollar in WordPress BackWPup plugin versions =3.4.1. Backup files are stored insecurely and could be discovered by Google dork and exploited further even for brute-forcing. Solution Update the WordPress BackWPup plugin to the...
Wordpress BackWPup Plugin File Download Vulnerability
WordPress is the WordPress Software Foundation a set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site.BackWPup is one of the automatic backup plugin. A security vulnerability exists in versions of the Wordpress BackWPup...
CVE-2017-2551
The CVE concerns the WordPress BackWPup plugin, versions prior to 3.4.2, which allows brute-force download of backup files. Affected component: BackWPup WordPress plugin; root cause is a vulnerability enabling unauthorized retrieval of backups over the network. Impact: potential exposure of backu...