37 matches found
EUVD-2007-5770
Malware in sbrugna...
EUVD-2022-52185
Malicious code in bioql PyPI...
EUVD-2024-31642
Malicious code in bioql PyPI...
CVE-2024-3034
The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkpdirectorybrowse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse directories outside of the...
CVE-2022-4931
The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
WordPress BackUpWordPress Plugin <= 3.13 is vulnerable to Directory Traversal
Software BackUpWordPress Type Plugin Vulnerable versions = 3.13 Fixed in 3.14 OWASP Top 10 A3: Injection Classification Directory Traversal CVE CVE-2024-3034 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 0f3e35fe3c69 Credits dk0pf - Plumeria Lab Required privilege...
CVE-2024-3034
The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkpdirectorybrowse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse directories outside of the...
CVE-2024-3034 BackUpWordPress <= 3.13 - Authenticated (Admin+) Directory Traversal
The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkpdirectorybrowse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse directories outside of the...
CVE-2024-3034
CVE-2024-3034 affects the BackUpWordPress plugin for WordPress. It enables Directory Traversal via the hmbkp_directory_browse parameter in all versions up to 3.13. Exploitation requires administrator-level access or higher. The description and impact are stated in the provided sources; no explici...
WordPress plugin BackUpWordPress 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
BackUpWordPress < 3.14 - Admin+ Directory Traversal
Description The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkpdirectorybrowse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse directories outsi...
PT-2024-3160 · Unknown · Backupwordpress
Name of the Vulnerable Software and Affected Versions: BackUpWordPress versions up to, and including, 3.13 Description: The issue is related to errors in handling relative path to directory when processing the hmbkp directory browse parameter, allowing remote attackers to gain unauthorized access...
WordPress BackUpWordPress 3.8 Backup Disclosure
==================================================================================================================================== | Title : WordPress BackUpWordPress 3.8 Plugins Backup Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...
WordPress BackupWordPress Plugin < 3.13 Information Disclosure Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xibodevelopment:backupwordpress"; ifdescription...
CVE-2022-4931
The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
CVE-2022-4931
The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
Authorization
The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
CVE-2022-4931
The CVE-2022-4931 issue affects the WordPress BackupWordPress plugin (versions up to 3.12). Root cause: missing authorization on the heartbeat_received() function triggered by WordPress heartbeats, allowing authenticated users with subscriber-level permissions or higher to retrieve backup paths a...
CVE-2022-4931
The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...
CVE-2022-4931
The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...