WordPress plugin Everest Backup Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-15985 · WordPress · The Everest Backup – Wordpress Cloud Backup
Name of the Vulnerable Software and Affected Versions: The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin versions up to, and including, 2.2.13. Description: The issue allows unauthenticated attackers to obtain an archive file name and download the site's backup due t...
CVE-2024-5551
The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup Duplicat...
CVE-2024-5551
CVE-2024-5551 affects the WP STAGING Pro WordPress Backup Plugin. The vulnerability is a Cross-Site Request Forgery (CSRF) issue caused by missing/incorrect nonce validation on the sub parameter, allowing unauthenticated attackers to trigger actions that end in Local File Inclusion of files ending with -...
WP STAGING PRO - Backup Duplicator & Migration < 5.6.1 - Cross-Site Request Forgery to Limited Local File Inclusion
Description: The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin -...
CVE-2024-3412
The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstgprocessing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, wi...
CVE-2024-3412
CVE-2024-3412 affects the WP STAGING WordPress Backup Plugin – Migration Backup Restore. It is vulnerable in versions
WordPress plugin WP STAGING WordPress Backup Plugin – Migration Backup Restore Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WP STAGING WordPress Backup Plugin – Migration Backup Restore < 3.5.0 - Admin+ Arbitrary File Upload
Description: The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstgprocessing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated...
CVE-2023-41243 WordPress WPvivid Backup Plugin plugin <= 0.9.90 - Privilege Escalation on Staging Environment vulnerability
Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation. This issue affects WPvivid Backup and Migration: from n/a through 0.9.90...
CVE-2024-2309
Summary of CVE-2024-2309: The WP STAGING WordPress Backup Plugin (versions prior to 3.4.0) and the wp-staging-pro WordPress plugin (prior to 5.4.0) fail to sanitize and escape certain settings. This can allow high-privilege users (e.g., administrators) to perform Stored Cross-Site Scripting even...
PT-2024-19666 · WordPress · Wp Staging Pro +1
Name of the Vulnerable Software and Affected Versions: WP STAGING WordPress Backup Plugin versions prior to 3.4.0; wp-staging-pro WordPress plugin versions prior to 5.4.0. Description: The issue concerns the lack of sanitization and escaping of certain settings in the WP STAGING WordPress Backup...
Simple Backup Plugin 2.7.10 - Path Traversal Exploit
Exploit Title: Simple Backup Plugin 0: printresponse.text Replace with the desired action for the downloaded content filepath = f'simplebackupfilename' with openfilepath, 'wb' as file: file.writeresponse.content printf'File saved in: filepath' else: print"Nothing was downloaded. You can try to...
Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload
Description: The plugin does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup). 1. Go to the plugin setting and in the "Restore" section upload...
WordPress Plugin Migration, Backup, Staging Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
WordPress Backup Plugin < 2.0.9.9 is vulnerable to Sensitive Data Exposure
Software: Backup; Type: Plugin; Vulnerable versions: 2.0.9.9; Fixed in: 2.0.9.9; OWASP Top 10: A5: Security Misconfiguration; Classification: Sensitive Data Exposure; CVE: CVE-2023-7165; Patch priority: Low; CVSS severity: Low 7.5; PSID: 23a451d4f975; Credits: Dmitrii Ignatyev; Required...
Total Upkeep < 1.15.9 - Improper Authorization to Unauthenticated Arbitrary File Download
Description: The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check in all versions up to, and including, 1.15.8. This makes it possible for unauthenticated attackers to...
CVE-2023-7204
The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides...