264 matches found
WordPress XM-Backup plugin <= 0.9.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien (Patchstack Alliance) in WordPress Plugin XM-Backup versions <= 0.9.1...
WordPress Backup Bolt plugin <= 1.5.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nabil Irawan (Patchstack Alliance) in WordPress Plugin Backup Bolt versions <= 1.5.0...
CVE-2015-10134
The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, and including, 2.7.10 via the download_backup_file function. This is due to a lack of capability checks and file type validation. This makes it possible for attackers to download sensitive files such...
CVE-2015-10134 Simple Backup <= 2.7.10 - Arbitrary File Download via Path Traversal
The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download in versions up to, and including, 2.7.10 via the download_backup_file function. This is due to a lack of capability checks and file type validation. This makes it possible for attackers to download sensitive files such...
CVE-2015-10134
The CVE-2015-10134 entry describes an arbitrary file download vulnerability in the WordPress Simple Backup plugin up to version 2.7.10, caused by a lack of capability checks and file type validation in the download_backup_file function. This allows an attacker to download sensitive files (e.g., wp-con...
CVE-2025-5396
The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackup_ajax_handle function not having a capability check, nor validating user supplied input passed directly to call_user_func. This makes it possible for...
PT-2025-30126 · WordPress · Simple Backup
Name of the Vulnerable Software and Affected Versions: Simple Backup versions prior to 2.7.11. Description: The Simple Backup plugin for WordPress is vulnerable to Arbitrary File Download due to a lack of capability checks and file type validation in the download_backup_file function. This allows...
CVE-2025-5396
The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackup_ajax_handle function not having a capability check, nor validating user supplied input passed directly to call_user_func. This makes it possible for...
PT-2025-29897 · Alone +1 · Alone +1
Name of the Vulnerable Software and Affected Versions: Bears Backup versions prior to 2.0.1. Description: The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to and including 2.0.0. This is due to the bbackup_ajax_handle function lacking capability check...
WordPress plugin Bears Backup code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
WordPress DB Backup <= 6.0 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by 0xd4rk5id3 in WordPress Plugin DB Backup versions <= 6.0...
CVE-2020-36848
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to...
CVE-2020-36848
The CVE-2020-36848 issue affects BoldGrid’s Total Upkeep – WordPress Backup Plugin plus Restore & Migrate (WordPress) up to version 1.14.9. The vulnerability is a Sensitive Information Exposure via env-info.php and restore-info.json, enabling unauthenticated attackers to discover and...
CVE-2020-36848 Total Upkeep by BoldGrid <= 1.14.9 - Unauthenticated Backup Download
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to...
CVE-2024-7689
The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2023-52185
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin. This issue affects Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin: from n/a through 2.1.9...
CVE-2023-6113
The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backup processes, allowing unauthenticated attackers to download said backups later...
CVE-2023-7201
The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to, for example in a multisite setup...
CVE-2022-36916
A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers to request a manual backup...
CVE-2021-24322
The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter before outputting it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue...