GHSA-5293-3FGP-CR3X Missing permission checks in Jenkins Periodic Backup Plugin allow every user to change settings
The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to it...
CVE-2020-19228
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files...
Design/Logic Flaw
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files...
CVE-2020-19228
The CVE-2020-19228 entry concerns Bludit v3.13.0, where an unsafe backup-plugin implementation allows attackers to upload arbitrary files. The vulnerability is described with high severities in CVSS terms (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) across both CVSSv3.1 and CVSSv2, indicating network-ex...
Bludit code issue vulnerability
Bludit is an open source, lightweight blog content management system (CMS). A security vulnerability exists in Bludit version 3.13.0, which stems from an insecure backup plugin that can be exploited by an attacker to upload arbitrary files...
CVE-2022-0531
The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the subpage parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting...
Cross site scripting
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability...
WordPress plugin UpdraftPlus WordPress Backup Plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports hosting personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. WordPress UpdraftPlus WordPress Backup plugin...
CVE-2022-0255
The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue...
WordPress Plugin Database Backup SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. The WordPress Database Backup Plugin has a SQL injecti...
CVE-2021-25089
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraftrestore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting...
CVE-2021-25089
CVE-2021-25089 affects the UpdraftPlus WordPress Backup Plugin prior to version 1.16.69. The vulnerability arises from failing to sanitize and escape the updraft_restore parameter before it is echoed back on the Restore page, resulting in a Reflected Cross-Site Scripting (XSS). Impact described ...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress UpdraftPlus Backup Plugin in versions prior to 1.16.69. The vulnerability stems from the failure to escape the updraftrestore parameter and c...
Cross site scripting
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraftservice settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue...
CVE-2021-24423
CVE-2021-24423 affects the UpdraftPlus WordPress Backup Plugin prior to 1.6.59. The issue arises because the plugin does not sanitize its updraft_service settings, allowing high-privilege users to inject malicious JavaScript payloads and trigger a Stored Cross-Site Scripting (XSS) vulnerability. ...
CVE-2021-25022
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backuptimestamp and jobid parameter before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues...
CVE-2021-25022 UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backuptimestamp and jobid parameter before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues...