191 matches found
CVE-2023-6266
The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMIBACKUP case of the handledownloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download...
CVE-2023-6553
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote...
CVE-2025-24651
Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Retrieve Embedded Sensitive Data.This issue affects WordPress Backup & Migration: from n/a through = 1.5.3...
CVE-2024-10932
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The...
CVE-2024-10932 Backup Migration <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace'
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The...
CVE-2024-10932 Backup Migration <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace'
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The...
CVE-2024-10932
CVE-2024-10932 (Backup Migration, WordPress) Vulnerability: unauthenticated PHP Object Injection via deserialization in recursive_unserialize_replace, affecting all versions up to 1.4.6. Exploit can inject a PHP object; when a POP chain is present, an attacker can delete arbitrary files, retrieve...
PT-2025-1614 · WordPress · Backup Migration Plugin
Name of the Vulnerable Software and Affected Versions: Backup Migration plugin for WordPress versions up to, and including, 1.4.6 Description: The issue concerns a PHP Object Injection vulnerability via deserialization of untrusted input in the recursive unserialize replace function. This allows...
WordPress plugin Backup Migration 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
WordPress Backup Migration plugin <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace' vulnerability
Unauthenticated PHP Object Injection via 'recursiveunserializereplace' vulnerability discovered by Webbernaut in WordPress Plugin Backup Migration versions = 1.4.6...
PT-2025-1493 · WordPress · Webtoffee Wordpress Backup & Migration
Name of the Vulnerable Software and Affected Versions: WebToffee WordPress Backup & Migration versions 1.4.1 and earlier Description: The issue is related to a missing authorization vulnerability in WebToffee WordPress Backup & Migration, which allows exploiting incorrectly configured access...
CVE-2023-33928
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through = 1.4.0...
CVE-2023-33928 WordPress WordPress Backup & Migration plugin <= 1.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through = 1.4.0...
CVE-2023-33928 WordPress WordPress Backup & Migration plugin <= 1.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through 1.4.0...
Exploit for CVE-2023-6553
CVE-2023-6553 Due to a incorrect include statement in the "...
CVE-2023-52183
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.3...
CVE-2023-52183 WordPress WordPress Backup & Migration plugin <= 1.4.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.3...
CVE-2023-52183 WordPress WordPress Backup & Migration plugin <= 1.4.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.3...
VulnCheck KEV: CVE-2023-6266
The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMIBACKUP case of the handledownloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to...
CVE-2024-3546
The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpmgdppopulatepopup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber access or above...