Lucene search
K

31 matches found

NVD
NVD
added 2023/12/23 2:15 a.m.24 views

CVE-2023-6972

The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to...

9.8CVSS0.0139EPSS
Exploits1References4
OSV
OSV
added 2023/12/23 2:15 a.m.7 views

CVE-2023-6972

The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to...

9.8CVSS6.4AI score0.0139EPSS
Exploits1References4
Prion
Prion
added 2023/12/23 2:15 a.m.21 views

Design/Logic Flaw

The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of...

7.5CVSS7.8AI score0.06419EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/12/23 2:15 a.m.17 views

Command injection

The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operati...

5.8CVSS8.1AI score0.45898EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2023/12/23 2:15 a.m.23 views

Path traversal

The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to...

7.5CVSS8.2AI score0.0139EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2023/12/23 12:0 a.m.5 views

WordPress plugin Backup Migration security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS6.8AI score0.0139EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/12/23 12:0 a.m.5 views

WordPress plugin Backup Migration security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

7.2CVSS7.4AI score0.45898EPSS
Exploits1References7
BDU FSTEC
BDU FSTEC
added 2023/12/21 12:0 a.m.11 views

The vulnerability of the Backup Migration plugin of the WordPress content management system allows a hacker to execute arbitrary code.

The vulnerability of the Backup Migration plugin of the WordPress content management system is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.97846EPSS
Exploits14References11Affected Software1
Prion
Prion
added 2023/12/15 11:15 a.m.49 views

Remote code execution

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote...

7.5CVSS8.5AI score0.97846EPSS
Exploits14References8Affected Software1
CVE
CVE
added 2023/12/15 10:59 a.m.190 views

CVE-2023-6553

The CVE affects the WordPress Backup Migration plugin (

9.8CVSS9.8AI score0.97846EPSS
In wildExploits14References8Affected Software1
Patchstack
Patchstack
added 2021/11/17 12:0 a.m.20 views

WordPress Backup Migration plugin <= 1.1.5 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered by Vlad Visse Patchstack in WordPress Backup Migration plugin versions = 1.1.5. Solution Update the WordPress Backup Migration plugin to the latest available version at least 1.1.6...

5.4CVSS2.4AI score0.00552EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder