264 matches found

OSV
added 2022/05/13 1:18 a.m., 10 views

GHSA-5293-3FGP-CR3X Missing permission checks in Jenkins Periodic Backup Plugin allow every user to change settings

The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to it...

CVSS 8, AI score 7.8, EPSS 0.01072
Exploits 0, References 3

NVD
added 2022/05/11 12:15 p.m., 12 views

CVE-2020-19228

An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files...

CVSS 9, EPSS 0.01199
Exploits 1, References 2

Prion
added 2022/05/11 12:15 p.m., 13 views

Design/Logic Flaw

An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files...

CVSS 9, AI score 7, EPSS 0.01199
Exploits 1, References 2, Affected Software 1

Cvelist
added 2022/05/11 12:0 p.m., 15 views

CVE-2020-19228

An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files...

AI score 7, EPSS 0.01199
Exploits 1, References 2

CVE
added 2022/05/11 12:0 p.m., 46 views

CVE-2020-19228

The CVE-2020-19228 entry concerns Bludit v3.13.0, where an unsafe backup-plugin implementation allows attackers to upload arbitrary files. The vulnerability is described with high severities in CVSS terms (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) across both CVSSv3.1 and CVSSv2, indicating network-ex...

CVSS 9, AI score 7, EPSS 0.01199
Exploits 1, References 2, Affected Software 1

CNNVD
added 2022/05/11 12:0 a.m., 4 views

Bludit code issue vulnerability

Bludit is an open source, lightweight blog content management system (CMS). A security vulnerability exists in Bludit version 3.13.0, which stems from an insecure backup plugin that can be exploited by an attacker to upload arbitrary files...

CVSS 9, AI score 7.2, EPSS 0.01199
Exploits 1, References 3

OSV
added 2022/04/11 3:15 p.m., 2 views

CVE-2022-0531

The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the subpage parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting...

CVSS 6.1, AI score 6.4, EPSS 0.00788
Exploits 1, References 1

Prion
added 2022/04/04 4:15 p.m., 14 views

Cross site scripting

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability...

CVSS 4.3, AI score 6, EPSS 0.07355
Exploits 4, References 2, Affected Software 1

CNNVD
added 2022/04/04 12:0 a.m., 6 views

WordPress plugin UpdraftPlus WordPress Backup Plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. WordPress UpdraftPlus WordPress Backup plugin...

CVSS 6.1, AI score 5.3, EPSS 0.07355
Exploits 4, References 4

OSV
added 2022/02/21 11:15 a.m., 4 views

CVE-2022-0255

The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue...

CVSS 7.2, AI score 5.8, EPSS 0.01265
Exploits 2, References 1

ATTACKERKB
added 2022/02/21 11:15 a.m., 7 views

CVE-2022-0255

The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue...

CVSS 7.2, AI score 7.2, EPSS 0.01265
Exploits 2, References 2

CNNVD
added 2022/02/21 12:0 a.m., 5 views

WordPress Plugin Database Backup SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. WordPress Database Backup Plugin has a SQL injecti...

CVSS 7.2, AI score 6.2, EPSS 0.01265
Exploits 2, References 2

NVD
added 2022/02/01 1:15 p.m., 18 views

CVE-2021-25089

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraftrestore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting...

CVSS 6.1, EPSS 0.008
Exploits 2, References 1

CVE
added 2022/02/01 12:21 p.m., 56 views

CVE-2021-25089

CVE-2021-25089 affects the UpdraftPlus WordPress Backup Plugin prior to version 1.16.69. The vulnerability arises from failing to sanitize and escape the updraft_restore parameter before it is echoed back on the Restore page, resulting in a Reflected Cross-Site Scripting (XSS). Impact described ...

CVSS 6.1, AI score 6, EPSS 0.008
Exploits 2, References 1, Affected Software 1

CNNVD
added 2022/02/01 12:0 a.m., 3 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress UpdraftPlus Backup Plugin in versions prior to 1.16.69. The vulnerability stems from the failure to escape the updraftrestore parameter and c...

CVSS 6.1, AI score 5.7, EPSS 0.008
Exploits 2, References 2

Prion
added 2022/01/24 8:15 a.m., 38 views

Cross site scripting

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraftservice settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue...

CVSS 3.5, AI score 4.8, EPSS 0.00614
Exploits 1, References 2, Affected Software 1

CVE
added 2022/01/24 8:0 a.m., 61 views

CVE-2021-24423

CVE-2021-24423 affects the UpdraftPlus WordPress Backup Plugin prior to 1.6.59. The issue arises because the plugin does not sanitize its updraft_service settings, allowing high-privilege users to inject malicious JavaScript payloads and trigger a Stored Cross-Site Scripting (XSS) vulnerability. ...

CVSS 4.8, AI score 4.8, EPSS 0.00614
Exploits 1, References 2, Affected Software 1

OSV
added 2022/01/03 1:15 p.m., 3 views

CVE-2021-25022

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backuptimestamp and jobid parameters before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues...

CVSS 6.1, AI score 5.8, EPSS 0.01122
Exploits 2, References 3

NVD
added 2022/01/03 1:15 p.m., 18 views

CVE-2021-25022

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backuptimestamp and jobid parameters before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues...

CVSS 6.1, EPSS 0.01122
Exploits 2, References 3

Cvelist
added 2022/01/03 12:49 p.m., 20 views

CVE-2021-25022 UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backuptimestamp and jobid parameters before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues...

AI score 6.2, EPSS 0.01122
Exploits 2, References 3