265 matches found
CVE-2021-25022
The CVE-2021-25022 entry concerns the UpdraftPlus WordPress Backup Plugin prior to version 1.16.66, where backup_timestamp and job_id are not properly sanitised/escaped when echoed back in admin pages, causing Reflected Cross-Site Scripting (XSS). Affected software: UpdraftPlus WordPress Backup P...
CVE-2021-25022 UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backuptimestamp and jobid parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues...
WordPress XCloner Backup Plugin Remote Code Execution (CVE-2020-35948)
A remote code execution vulnerability exists in WordPress XCloner Backup plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2020-20495
bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the deleteBackup' parameter...
CVE-2020-20495
bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the deleteBackup' parameter...
Arbitrary file deletion
bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the deleteBackup' parameter...
CVE-2020-20495
bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the deleteBackup' parameter...
bludit 安全漏洞
Bludit is an open source lightweight blog content management system CMS. bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the deleteBackup parameter...
Bludit 代码注入漏洞
Bludit is an open source lightweight blog content management system CMS. backup/plugin.php in Bludit 3.13.1 is vulnerable to code injection, which could be exploited to execute arbitrary code via a crafted ZIP file...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
WordPress Backup by 10Web – Backup and Restore plugin <= 1.0.20 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by m0ze Patchstack Red Team in WordPress Backup by 10Web – Backup and Restore plugin versions = 1.0.20. Solution This plugin has been closed as of June 2, 2021 and is not available for download. This closure is permanent...
Unrestricted file upload
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server...
Bludit 代码问题漏洞
Bludit is an open source, lightweight blog content management system CMS. A file upload vulnerability exists in Bludit version 3.12.0, which originates from a file upload found in the file path bl-plugins backup plugin.php, and can be exploited by an attacker to gain administrator privileges and ...
CVE-2020-35948
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...
CVE-2020-35948
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...
CVE-2020-35948
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xclonerrestore.php writefileaction could...
CVE-2020-15026
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php...
CVE-2020-15026
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php...
WordPress wp-database-backup plugin cross-site scripting vulnerability (CNVD-2019-27695)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-database-backup plugin is a database backup and restore plugin used in it. A cross-site scripting vulnerability exists i...
CVE-2016-10876
The wp-database-backup plugin before 4.3.1 for WordPress has CSRF...