264 matches found
PT-2019-7671 · WordPress · Wp-Database-Backup
Name of the Vulnerable Software and Affected Versions: wp-database-backup plugin versions prior to 4.3.1 Description: The issue affects the wp-database-backup plugin for WordPress, allowing for cross-site scripting (XSS) attacks. Recommendations: For versions prior to 4.3.1, update to version 4.3.1...
Design/Logic Flaw
The WP Backup+ aka WPbackupplus plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql...
Design/Logic Flaw
The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack...
Cross-site request forgery (CSRF)
The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to it...
CVE-2017-1000086
Summary: Multiple sources report a vulnerability in the Jenkins Periodic Backup Plugin (CVE-2017-1000086) involving missing permission checks and CSRF exposure. Affected component: Jenkins Periodic Backup Plugin (version 1.4 and earlier, per CNVD/CVE references). Root cause (as stated): The plugi...
CVE-2017-1000086
The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to it...
CloudBees Jenkins Periodic Backup Plugin Security Bypass Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools from the U.S. company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Periodic Backup Plugin is one of the file regular backup...
Updraftplus < 1.13.5 - XSS
The UpdraftPlus WordPress Backup Plugin WordPress plugin was affected by an XSS security vulnerability...
WordPress Simple Backup plugin 2.7.10 - arbitrary file download vulnerability
No description provided by source...
WordPress EZPZ One Click Backup Plugin <= 12.03.10 - XSS
Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...
CVE-2014-9119
Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...
Directory traversal
Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...
CVE-2014-9119
CVE-2014-9119 affects WordPress DB Backup Plugin (version 4.5 and earlier). A local file inclusion / directory traversal flaw exists in download.php, permitting an attacker to read arbitrary server files by manipulating the file parameter (e.g., via path traversal). The NUCLEI template and relate...
Joomla/WordPress XCloner Command Execution / Password Disclosure
XCloner plugin version 3.1.1 for WordPress and 3.5.1 for Joomla! suffers from arbitrary command execution, MySQL password disclosure, database backups exposed, unauthenticated remote access, and various other vulnerabilities. Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1...
WordPress Backup Plugin 2.0.1 Information Disclosure
No description provided by source. Exploit Title: WordPress Backup plugin exposes site data Google Dork: http://www.google.com/search?q=inurl:wp-content/backup.log Date: 01-jul-2012 Exploit Author: Stephan Knauss Vendor Homepage: http://wordpress.org/extend/plugins/backup/ Software Link:...
Backupbuddy 2.2.4 Sensitive Data Exposure
Backupbuddy - sensitive data exposure in importbuddy.php "the premiere WordPress backup plugin to backup, restore and move WordPress" http://ithemes.com/purchase/backupbuddy/ known versions affected: v1.3.4, v2.1.4, v2.2.25, v2.2.28, v2.2.4, likely other versions also impact: access to wordpress...
CVE-2011-5264
The CVE-2011-5264 entry maps to a documented XSS in the WordPress Lazyest Backup plugin, specifically in lazyest-backup.php vulnerable via the xml_or_all parameter. Affected version is prior to 0.2.2. Exploitation would allow remote attackers to inject arbitrary script/HTML in the context of the ...
WordPress Plugin Backup 2.0.1 - Information Disclosure
WordPress Plugin Backup 2.0.1 - Information Disclosure Exploit Title: WordPress Backup plugin exposes site data Google Dork: http://www.google.com/search?q=inurl:wp-content/backup.log Date: 01-jul-2012 Exploit Author: Stephan Knauss Vendor Homepage: http://wordpress.org/extend/plugins/backup/...
Information Leakage and Full path disclosure vulnerabilities in WordPress
Hello 3APA3A! I want to warn you about security vulnerabilities in WordPress which I published on 30.07.2010 during my Day of bugs in WordPress 2 project. ------------------------------ Advisory: Day of bugs in WordPress 2: Information Leakage and Full path disclosure vulnerabilities in WordPress...
CVE-2007-3494
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...