70 matches found
CVE-2022-4897
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting...
Cross site scripting
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting...
CVE-2022-4897 BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting...
EUVD-2022-52154
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting...
CVE-2022-4897
The CVE-2022-4897 entry concerns the WordPress BackupBuddy plugin, version
CVE-2022-4897 BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting...
WordPress plugin BackupBuddy 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogging sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2023-15907 · WordPress · Backupbuddy
Name of the Vulnerable Software and Affected Versions: BackupBuddy WordPress plugin versions prior to 8.8.3 Description: The issue is related to Reflected Cross-Site Scripting. It occurs because the BackupBuddy WordPress plugin does not properly sanitise and escape some parameters before outputti...
WordPress BackupBuddy Plugin < 8.8.3 is vulnerable to Cross Site Scripting (XSS)
Software BackupBuddy Type Plugin Vulnerable versions 8.8.3 Fixed in 8.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4897 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID befef1967b69 Credits WPScan Required privilege...
BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting
The plugin does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting Make a logged in admin/SA open one of the URL below: v " "...
BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting
The plugin does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting PoC Make a logged in admin/SA open one of the URL below: v -...
VulnCheck KEV: CVE-2022-31474
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1...
Zero-day Vulnerability in the WordPress BackupBuddy Plugin
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability in the BackupBuddy WordPress plugin is being actively exploited. There are an estimated 140,000 active installations of the plugin, and the arbitrary file download/read...
Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability
A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked as CVE-2022-3180 CVSS score: 9.8, the issue is being weaponized to add a malicious...
BackupBuddy WordPress plugin vulnerable to exploitation, update now!
Users of WordPress may need to perform an urgent update related to the popular BackupBuddy plugin. BackupBuddy is a plugin which offers backup solutions designed to combat "hacks, malware, user error, deleted files, and running bad commands". Unfortunately, running an older version of BackupBuddy...
BackupBuddy Plugin for WordPress < 8.7.5 Arbitrary File Read
The WordPress BackupBuddy Plugin installed on the remote host is affected by an arbitrary file read vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
WordPress BackupBuddy Plugin Arbitrary File Read (CVE-2022-31474)
An arbitrary file read vulnerability exists in WordPress BackupBuddy Plugin. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to access and read arbitrary file...
Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts
A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it...
PT-2022-20752 · Ithemes · Ithemes Backupbuddy
Name of the Vulnerable Software and Affected Versions: iThemes BackupBuddy versions 8.5.8.0 through 8.7.4.1 Description: The issue affects the iThemes BackupBuddy plugin, allowing unauthorized users to upload arbitrary files from a vulnerable site, potentially containing confidential information...
WordPress BackupBuddy 8.7.4.1 Arbitrary File Read Vulnerability
WordPress BackupBuddy plugin versions 8.5.8.0 through 8.7.4.1 suffer from an arbitrary file read and download vulnerability. Description: Arbitrary File Download/Read Affected Plugin: BackupBuddy Plugin Slug: backupbuddy Plugin Developer: iThemes Affected Versions: 8.5.8.0 – 8.7.4.1 CVE ID:...