Lucene search
K

70 matches found

OSV
OSV
added 2023/02/21 9:15 a.m.5 views

CVE-2022-4897

The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.00858EPSS
Exploits2References1
Prion
Prion
added 2023/02/21 9:15 a.m.22 views

Cross site scripting

The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting...

5.8CVSS6AI score0.00858EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/02/21 8:50 a.m.38 views

CVE-2022-4897 BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting

The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting...

6.2AI score0.00858EPSS
Exploits2References1
EUVD
EUVD
added 2023/02/21 8:50 a.m.5 views

EUVD-2022-52154

The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting...

6.1CVSS5.7AI score0.00858EPSS
Exploits2References1
CVE
CVE
added 2023/02/21 8:50 a.m.95 views

CVE-2022-4897

The CVE-2022-4897 entry concerns the WordPress BackupBuddy plugin, version

6.1CVSS6.2AI score0.00858EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/21 8:50 a.m.5 views

CVE-2022-4897 BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting

The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting...

6AI score0.00858EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/02/21 12:0 a.m.5 views

WordPress plugin BackupBuddy 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogging sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

6.1CVSS6.8AI score0.00858EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/02/21 12:0 a.m.5 views

PT-2023-15907 · WordPress · Backupbuddy

Name of the Vulnerable Software and Affected Versions: BackupBuddy WordPress plugin versions prior to 8.8.3 Description: The issue is related to Reflected Cross-Site Scripting. It occurs because the BackupBuddy WordPress plugin does not properly sanitise and escape some parameters before outputti...

6.1CVSS6.5AI score0.00858EPSS
Exploits2References5
Patchstack
Patchstack
added 2023/01/31 12:0 a.m.14 views

WordPress BackupBuddy Plugin < 8.8.3 is vulnerable to Cross Site Scripting (XSS)

Software BackupBuddy Type Plugin Vulnerable versions 8.8.3 Fixed in 8.8.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4897 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID befef1967b69 Credits WPScan Required privilege...

6.1CVSS5.6AI score0.00858EPSS
Exploits2References2Affected Software1
wpexploit
wpexploit
added 2023/01/30 12:0 a.m.125 views

BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting Make a logged in admin/SA open one of the URL below: v " "...

6.1CVSS6.7AI score0.00858EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/01/30 12:0 a.m.37 views

BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting PoC Make a logged in admin/SA open one of the URL below: v -...

6.1CVSS6.3AI score0.00858EPSS
Exploits2Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2023/01/12 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-31474

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1...

7.5CVSS7.2AI score0.63761EPSS
Exploits2References1
hivepro
hivepro
added 2022/09/14 2:32 p.m.43 views

Zero-day Vulnerability in the WordPress BackupBuddy Plugin

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability in the BackupBuddy WordPress plugin is being actively exploited. There are an estimated 140,000 active installations of the plugin, and the arbitrary file download/read...

3.4AI score0.63761EPSS
Exploits2
The Hacker News
The Hacker News
added 2022/09/14 1:51 a.m.130 views

Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability

A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked as CVE-2022-3180 CVSS score: 9.8, the issue is being weaponized to add a malicious...

2.3AI score0.08762EPSS
Exploits2
Malwarebytes
Malwarebytes
added 2022/09/13 12:0 p.m.98 views

BackupBuddy WordPress plugin vulnerable to exploitation, update now!

Users of WordPress may need to perform an urgent update related to the popular BackupBuddy plugin. BackupBuddy is a plugin which offers backup solutions designed to combat "hacks, malware, user error, deleted files, and running bad commands". Unfortunately, running an older version of BackupBuddy...

7.5AI score0.63761EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2022/09/13 12:0 a.m.19 views

BackupBuddy Plugin for WordPress < 8.7.5 Arbitrary File Read

The WordPress BackupBuddy Plugin installed on the remote host is affected by an arbitrary file read vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

7.5CVSS7.5AI score0.63761EPSS
Exploits2References3
Check Point Advisories
Check Point Advisories
added 2022/09/12 12:0 a.m.59 views

WordPress BackupBuddy Plugin Arbitrary File Read (CVE-2022-31474)

An arbitrary file read vulnerability exists in WordPress BackupBuddy Plugin. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to access and read arbitrary file...

4.7AI score0.63761EPSS
Exploits2
The Hacker News
The Hacker News
added 2022/09/09 8:19 a.m.135 views

Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts

A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it...

0.5AI score0.63761EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2022/09/09 12:0 a.m.8 views

PT-2022-20752 · Ithemes · Ithemes Backupbuddy

Name of the Vulnerable Software and Affected Versions: iThemes BackupBuddy versions 8.5.8.0 through 8.7.4.1 Description: The issue affects the iThemes BackupBuddy plugin, allowing unauthorized users to upload arbitrary files from a vulnerable site, potentially containing confidential information...

7.5CVSS7AI score0.63761EPSS
Exploits2References9
0day.today
0day.today
added 2022/09/08 12:0 a.m.426 views

WordPress BackupBuddy 8.7.4.1 Arbitrary File Read Vulnerability

WordPress BackupBuddy plugin versions 8.5.8.0 through 8.7.4.1 suffer from an arbitrary file read and download vulnerability. Description: Arbitrary File Download/Read Affected Plugin: BackupBuddy Plugin Slug: backupbuddy Plugin Developer: iThemes Affected Versions: 8.5.8.0 – 8.7.4.1 CVE ID:...

7.5CVSS0.63761EPSS
Exploits2
Rows per page
Query Builder