264 matches found

Positive Technologies
added 2019/08/12 12:00 a.m. · 5 views

PT-2019-7671 · WordPress · Wp-Database-Backup

Name of the Vulnerable Software and Affected Versions: wp-database-backup plugin versions prior to 4.3.1 Description: The issue affects the wp-database-backup plugin for WordPress, allowing for cross-site scripting (XSS) attacks. Recommendations: For versions prior to 4.3.1, update to version 4.3.1...

CVSS 6.1 · AI score 6 · EPSS 0.00924
Exploits 0 · References 5

Prion
added 2019/05/07 7:29 p.m. · 18 views

Design/Logic Flaw

The WP Backup+ aka WPbackupplus plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql...

CVSS 5 · AI score 7.4 · EPSS 0.01753
Exploits 0 · References 2 · Affected Software 2

Prion
added 2018/10/05 6:29 a.m. · 10 views

Design/Logic Flaw

The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack...

CVSS 5 · AI score 7 · EPSS 0.02444
Exploits 1 · References 1 · Affected Software 1

Prion
added 2017/10/05 1:29 a.m. · 9 views

Cross-site request forgery (CSRF)

The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to it...

CVSS 6 · AI score 7.8 · EPSS 0.01072
Exploits 0 · References 2 · Affected Software 1

CVE
added 2017/10/04 1:00 a.m. · 47 views

CVE-2017-1000086

Summary: Multiple sources report a vulnerability in the Jenkins Periodic Backup Plugin (CVE-2017-1000086) involving missing permission checks and CSRF exposure. Affected component: Jenkins Periodic Backup Plugin (version 1.4 and earlier, per CNVD/CVE references). Root cause (as stated): The plugi...

CVSS 8 · AI score 7.8 · EPSS 0.01072
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2017/10/04 1:00 a.m. · 15 views

CVE-2017-1000086

The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to it...

AI score 7.9 · EPSS 0.01072
Exploits 0 · References 2

CNVD
added 2017/08/24 12:00 a.m. · 2 views

CloudBees Jenkins Periodic Backup Plugin Security Bypass Vulnerability

CloudBees Jenkins is a set of Java-based continuous integration tools from the U.S. company CloudBees, used mainly to monitor continuous software release/testing projects and some scheduled tasks. Periodic Backup Plugin is one of the file regular backup...

CVSS 8 · AI score 7.9 · EPSS 0.01072
Exploits 0 · References 1

WPVulnDB
added 2017/08/08 12:00 a.m. · 23 views

Updraftplus < 1.13.5 - XSS

The UpdraftPlus WordPress Backup Plugin WordPress plugin was affected by an XSS security vulnerability...

CVSS 4.3 · AI score 1.8 · EPSS 0.00915
Exploits 0 · Affected Software 1

seebug.org
added 2016/03/26 12:00 a.m. · 67 views

WordPress Simple Backup Plugin 2.7.10 - Arbitrary File Download Vulnerability

No description provided by source...

AI score 7.1
Exploits 0

Patchstack
added 2016/03/21 12:00 a.m. · 9 views

WordPress EZPZ One Click Backup Plugin <= 12.03.10 - XSS

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

AI score 2.1
Exploits 0 · References 1 · Affected Software 1

NVD
added 2014/12/31 10:59 p.m. · 21 views

CVE-2014-9119

Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...

CVSS 5 · AI score 6.6 · EPSS 0.16117
Exploits 1 · References 3

Prion
added 2014/12/31 10:59 p.m. · 11 views

Directory traversal

Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...

CVSS 5 · AI score 7.2 · EPSS 0.16117
Exploits 1 · References 3 · Affected Software 1

CVE
added 2014/12/31 10:00 p.m. · 75 views

CVE-2014-9119

CVE-2014-9119 affects WordPress DB Backup Plugin (version 4.5 and earlier). A local file inclusion / directory traversal flaw exists in download.php, permitting an attacker to read arbitrary server files by manipulating the file parameter (e.g., via path traversal). The NUCLEI template and relate...

CVSS 5 · AI score 9.1 · EPSS 0.16117
Exploits 1 · References 3 · Affected Software 1

0day.today
added 2014/11/07 12:00 a.m. · 43 views

Joomla/WordPress XCloner Command Execution / Password Disclosure

XCloner plugin version 3.1.1 for WordPress and 3.5.1 for Joomla! suffers from arbitrary command execution, MySQL password disclosure, database backups exposed, unauthenticated remote access, and various other vulnerabilities. Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1...

AI score 7.7
Exploits 0

seebug.org
added 2014/07/01 12:00 a.m. · 17 views

WordPress Backup Plugin 2.0.1 Information Disclosure

No description provided by source. Exploit Title: WordPress Backup plugin exposes site data Google Dork: http://www.google.com/search?q=inurl:wp-content/backup.log Date: 01-jul-2012 Exploit Author: Stephan Knauss Vendor Homepage: http://wordpress.org/extend/plugins/backup/ Software Link:...

AI score 7.1
Exploits 0

Packet Storm
added 2013/03/24 12:00 a.m. · 25 views

Backupbuddy 2.2.4 Sensitive Data Exposure

Backupbuddy - sensitive data exposure in importbuddy.php "the premiere WordPress backup plugin to backup, restore and move WordPress" http://ithemes.com/purchase/backupbuddy/ known versions affected: v1.3.4, v2.1.4, v2.2.25, v2.2.28, v2.2.4, likely other versions also impact: access to wordpress...

AI score 7.4
Exploits 0

CVE
added 2013/02/12 8:00 p.m. · 38 views

CVE-2011-5264

The CVE-2011-5264 entry maps to a documented XSS in the WordPress Lazyest Backup plugin, specifically in lazyest-backup.php vulnerable via the xml_or_all parameter. Affected version is prior to 0.2.2. Exploitation would allow remote attackers to inject arbitrary script/HTML in the context of the ...

CVSS 4.3 · AI score 6 · EPSS 0.0224
Exploits 1 · References 6 · Affected Software 1

exploitpack
added 2012/07/02 12:00 a.m. · 15 views

WordPress Plugin Backup 2.0.1 - Information Disclosure

WordPress Plugin Backup 2.0.1 - Information Disclosure Exploit Title: WordPress Backup plugin exposes site data Google Dork: http://www.google.com/search?q=inurl:wp-content/backup.log Date: 01-jul-2012 Exploit Author: Stephan Knauss Vendor Homepage: http://wordpress.org/extend/plugins/backup/...

AI score 7.2
Exploits 0

securityvulns
added 2010/08/05 12:00 a.m. · 51 views

Information Leakage and Full path disclosure vulnerabilities in WordPress

Hello 3APA3A! I want to warn you about security vulnerabilities in WordPress which I published at 30.07.2010 during my Day of bugs in WordPress 2 project. ------------------------------ Advisory: Day of bugs in WordPress 2: Information Leakage and Full path disclosure vulnerabilities in WordPress...

CVSS 7.5 · AI score 6.5 · EPSS 0.0375
Exploits 1

NVD
added 2007/06/29 6:30 p.m. · 11 views

CVE-2007-3494

Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...

CVSS 6.8 · AI score 6.3 · EPSS 0.02052
Exploits 0 · References 7