Lucene search
+L

191 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:7 a.m.10 views

CVE-2023-6266

The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMIBACKUP case of the handledownloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download...

7.5CVSS6.4AI score0.02072EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:5 a.m.13 views

CVE-2023-6553

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote...

9.8CVSS8.3AI score0.97846EPSS
Exploits14References1
RedhatCVE
RedhatCVE
added 2025/04/25 11:51 p.m.9 views

CVE-2025-24651

Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Retrieve Embedded Sensitive Data.This issue affects WordPress Backup & Migration: from n/a through = 1.5.3...

5.9AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:13 a.m.7 views

CVE-2024-10932

The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The...

8.8CVSS7.3AI score0.00804EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/04 7:24 a.m.5 views

CVE-2024-10932 Backup Migration <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace'

The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The...

8.8CVSS7.3AI score0.00804EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/04 7:24 a.m.33 views

CVE-2024-10932 Backup Migration <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace'

The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The...

8.8CVSS0.00804EPSS
Exploits0References3
CVE
CVE
added 2025/01/04 7:24 a.m.63 views

CVE-2024-10932

CVE-2024-10932 (Backup Migration, WordPress) Vulnerability: unauthenticated PHP Object Injection via deserialization in recursive_unserialize_replace, affecting all versions up to 1.4.6. Exploit can inject a PHP object; when a POP chain is present, an attacker can delete arbitrary files, retrieve...

8.8CVSS8.9AI score0.00804EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/04 12:0 a.m.7 views

PT-2025-1614 · WordPress · Backup Migration Plugin

Name of the Vulnerable Software and Affected Versions: Backup Migration plugin for WordPress versions up to, and including, 1.4.6 Description: The issue concerns a PHP Object Injection vulnerability via deserialization of untrusted input in the recursive unserialize replace function. This allows...

8.8CVSS9.8AI score0.00804EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/01/04 12:0 a.m.6 views

WordPress plugin Backup Migration 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

8.8CVSS8.4AI score0.00804EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/01/03 10:6 p.m.6 views

WordPress Backup Migration plugin <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace' vulnerability

Unauthenticated PHP Object Injection via 'recursiveunserializereplace' vulnerability discovered by Webbernaut in WordPress Plugin Backup Migration versions = 1.4.6...

8.8CVSS7.3AI score0.00804EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/02 12:0 a.m.3 views

PT-2025-1493 · WordPress · Webtoffee Wordpress Backup & Migration

Name of the Vulnerable Software and Affected Versions: WebToffee WordPress Backup & Migration versions 1.4.1 and earlier Description: The issue is related to a missing authorization vulnerability in WebToffee WordPress Backup & Migration, which allows exploiting incorrectly configured access...

5.4CVSS9.4AI score0.00373EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2024/12/13 3:15 p.m.5 views

CVE-2023-33928

Missing Authorization vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through = 1.4.0...

4.3CVSS5.8AI score0.00502EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/13 2:23 p.m.9 views

CVE-2023-33928 WordPress WordPress Backup & Migration plugin <= 1.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through = 1.4.0...

4.3CVSS6.9AI score0.00502EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/13 2:23 p.m.15 views

CVE-2023-33928 WordPress WordPress Backup & Migration plugin <= 1.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through 1.4.0...

4.3CVSS0.00502EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2024/06/29 5:1 p.m.350 views

Exploit for CVE-2023-6553

CVE-2023-6553 Due to a incorrect include statement in the "...

9.8CVSS8.2AI score0.97846EPSS
Exploits14
NVD
NVD
added 2024/06/11 2:15 p.m.28 views

CVE-2023-52183

Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.3...

5.4CVSS0.0037EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/11 1:37 p.m.26 views

CVE-2023-52183 WordPress WordPress Backup & Migration plugin <= 1.4.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.3...

5.4CVSS0.0037EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/11 1:37 p.m.14 views

CVE-2023-52183 WordPress WordPress Backup & Migration plugin <= 1.4.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.3...

5.4CVSS7AI score0.0037EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/06/03 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-6266

The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMIBACKUP case of the handledownloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to...

7.5CVSS7.3AI score0.02072EPSS
Exploits0References1
NVD
NVD
added 2024/05/02 5:15 p.m.28 views

CVE-2024-3546

The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpmgdppopulatepopup function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with subscriber access or above...

4.3CVSS4.4AI score0.00491EPSS
Exploits0References2
Rows per page
Query Builder