WordPress VM Backups Plugin Cross-Site Request Forgery Vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A cross-site request forgery vulnerability exists in...

Smartwares Home Easy 访问控制错误漏洞

Smartwares Home Easy is an application from Smartwares USA. Comfortably control home devices from your iPhone or Android smartphone using a remote outlet An access control error vulnerability exists in Smartwares HOME easy version 1.0.9 and prior versions, which stems from susceptibility to...

The vulnerability of the backup function for momentary database snapshots in MongoDB Cloud Manager, MongoDB Ops Manager, MongoDB Atlas Legacy Backups, and the document-oriented database management system MongoDB allows a hacker to trigger a service failure.

The vulnerability of the backup function for instant snapshots of MongoDB Cloud Manager, MongoDB Ops Manager, MongoDB Atlas Legacy Backups, and document-oriented database management systems is related to improper handling of conflicting special elements. Exploiting this vulnerability can allow an...

CVE-2019-15059

In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. These configuration files have all PBX information including extension numbers, contacts, and passwor...

VulnCheck KEV: CVE-2020-11738

WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their Wordpress dashboard. This vulnerability affects Duplicator and Dulplicator Pro...

WordPress VM Backups plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by 0xB9 in WordPress VM Backups plugin versions = 1.0. Solution This plugin has been closed as of February 15, 2021 and is not available for download. Reason: Security Issue...

CVE-2021-24174

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups...

CVE-2021-24174

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups...

CVE-2021-24172

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current...

CVE-2021-24173

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue...

CVE-2021-24172

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current...

Cross site request forgery (csrf)

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current...

Cross site request forgery (csrf)

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups...

Cross site scripting

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue...

CVE-2021-24173 VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue...

CVE-2021-24172

The CVE-2021-24172 entry applies to the WordPress VM Backups plugin (versions up to 1.0). The underlying issue is missing CSRF checks in the plugin, which could allow an authenticated attacker to induce a logged-in user to perform actions such as generating backups of the database, plugins, and c...

CVE-2021-24173

CVE-2021-24173 affects the VM Backups WordPress plugin (versions up to 1.0). The vulnerability arises from missing CSRF checks, enabling a logged-in attacker to perform unwanted actions (e.g., updating plugin options) that can lead to Stored Cross-Site Scripting. The available connected sources c...

CVE-2021-24174 Database Backups <= 1.2.2.6 - CSRF to Backup Download

The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plugin's settings and delete backups...

CVE-2021-24174

The CVE-2021-24174 affects the WordPress Database Backups plugin up to version 1.2.2.6. It lacks CSRF checks, enabling an authenticated attacker to induce a logged-in user to perform actions such as generating database backups, changing plugin settings, or deleting backups. The root cause is CSRF...

WordPress VM Backups 跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress.Plugins for WordPress. VM Backups WordPress...