265 matches found

CVE
added 2022/01/03 12:49 p.m., 63 views

CVE-2021-25022

The CVE-2021-25022 entry concerns the UpdraftPlus WordPress Backup Plugin prior to version 1.16.66, where backup_timestamp and job_id are not properly sanitised/escaped when echoed back in admin pages, causing Reflected Cross-Site Scripting (XSS). Affected software: UpdraftPlus WordPress Backup P...

CVSS 6.1, AI score 6, EPSS 0.01122
Exploits 2, References 3, Affected Software 1
Cvelist
added 2022/01/03 12:49 p.m., 29 views

CVE-2021-25022 UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues...

AI score 6.2, EPSS 0.01122
Exploits 2, References 3
Check Point Advisories
added 2021/10/31 12:0 a.m., 10 views

WordPress XCloner Backup Plugin Remote Code Execution (CVE-2020-35948)

A remote code execution vulnerability exists in WordPress XCloner Backup plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 6.5, AI score 9, EPSS 0.24937
Exploits 5
NVD
added 2021/09/01 12:15 a.m., 20 views

CVE-2020-20495

bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the 'deleteBackup' parameter...

CVSS 9.1, EPSS 0.01509
Exploits 1, References 1
OSV
added 2021/09/01 12:15 a.m., 14 views

CVE-2020-20495

bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the 'deleteBackup' parameter...

CVSS 9.1, AI score 7
Exploits 0, References 1
Prion
added 2021/09/01 12:15 a.m., 11 views

Arbitrary file deletion

bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the 'deleteBackup' parameter...

CVSS 5.8, AI score 9.1, EPSS 0.01509
Exploits 1, References 1, Affected Software 1
Cvelist
added 2021/08/31 11:7 p.m., 17 views

CVE-2020-20495

bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the 'deleteBackup' parameter...

AI score 9.2, EPSS 0.01509
Exploits 1, References 1
CNNVD
added 2021/08/31 12:0 a.m., 5 views

bludit security vulnerability

Bludit is an open source lightweight blog content management system (CMS). bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the deleteBackup parameter...

CVSS 9.1, AI score 8.4, EPSS 0.01509
Exploits 1, References 2
CNNVD
added 2021/07/23 12:0 a.m., 3 views

Bludit code injection vulnerability

Bludit is an open source lightweight blog content management system (CMS). backup/plugin.php in Bludit 3.13.1 is vulnerable to code injection, which could be exploited to execute arbitrary code via a crafted ZIP file...

CVSS 7.8, AI score 6, EPSS 0.01215
Exploits 1, References 2
CNNVD
added 2021/06/01 12:0 a.m., 8 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

CVSS 5.4, AI score 5.4, EPSS 0.00703
Exploits 2, References 2
Patchstack
added 2021/05/23 12:0 a.m., 19 views

WordPress Backup by 10Web – Backup and Restore plugin <= 1.0.20 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by m0ze (Patchstack Red Team) in WordPress Backup by 10Web – Backup and Restore plugin versions <= 1.0.20. Solution: This plugin has been closed as of June 2, 2021 and is not available for download. This closure is permanent...

CVSS 4.8, AI score 2.5, EPSS 0.00626
Exploits 2, References 3, Affected Software 1
Prion
added 2021/05/21 6:15 p.m., 13 views

Unrestricted file upload

A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server...

CVSS 6.5, AI score 7, EPSS 0.01102
Exploits 1, References 1, Affected Software 1
CNNVD
added 2021/05/21 12:0 a.m., 4 views

Bludit code issue vulnerability

Bludit is an open source, lightweight blog content management system (CMS). A file upload vulnerability exists in Bludit version 3.12.0, which originates from a file upload found in the file path /bl-plugins/backup/plugin.php, and can be exploited by an attacker to gain administrator privileges and ...

CVSS 7.2, AI score 7, EPSS 0.01102
Exploits 1, References 1
NVD
added 2021/01/01 4:15 a.m., 44 views

CVE-2020-35948

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...

CVSS 9.9, AI score 9.7, EPSS 0.24937
Exploits 5, References 4
OSV
added 2021/01/01 4:15 a.m., 37 views

CVE-2020-35948

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...

CVSS 8.8, AI score 7.9, EPSS 0.24937
Exploits 5, References 4
Cvelist
added 2021/01/01 3:27 a.m., 45 views

CVE-2020-35948

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...

CVSS 9.9, AI score 9.7, EPSS 0.24937
Exploits 5, References 4
ATTACKERKB
added 2020/06/24 7:15 p.m., 1 views

CVE-2020-15026

Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php...

CVSS 4.9, AI score 5.4, EPSS 0.01299
Exploits 1, References 2
Cvelist
added 2020/06/24 6:42 p.m., 17 views

CVE-2020-15026

Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php...

AI score 5.3, EPSS 0.01299
Exploits 1, References 1
CNVD
added 2019/08/14 12:0 a.m., 4 views

WordPress wp-database-backup plugin cross-site scripting vulnerability (CNVD-2019-27695)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-database-backup plugin is a database backup and restore plugin used in it. A cross-site scripting vulnerability exists i...

CVSS 6.1, AI score 6.3, EPSS 0.00946
Exploits 0, References 1
OSV
added 2019/08/12 3:15 p.m., 4 views

CVE-2016-10876

The wp-database-backup plugin before 4.3.1 for WordPress has CSRF...

CVSS 8.8, AI score 5.8, EPSS 0.00693
Exploits 0, References 1