37 matches found
WordPress CYAN Backup plugin < 2.5.3 - Admin+ Stored XSS via Remote Storage Settings vulnerability
Admin+ Stored XSS via Remote Storage Settings vulnerability discovered by Bob Matyas in WordPress Plugin CYAN Backup versions 2.5.3...
WordPress CYAN Backup plugin <= 2.5.4 - Authenticated (Admin+) Arbitrary File Deletion vulnerability
Authenticated Admin+ Arbitrary File Deletion vulnerability discovered by Quy Nguyen in WordPress Plugin CYAN Backup versions = 2.5.4...
CVE-2025-12092
The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delet...
EUVD-2025-38375
The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delet...
CVE-2025-12092
The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delet...
CVE-2025-12092
The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delet...
CVE-2025-12092 CYAN Backup <= 2.5.4 - Authenticated (Admin+) Arbitrary File Deletion
The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delet...
CVE-2025-12092
The CYAN Backup plugin for WordPress is affected up to version 2.5.4 by an input validation flaw in the delete function that allows authenticated administrators (and higher) to delete arbitrary files on the server. This file-deletion capability can enable remote code execution when sensitive file...
CVE-2025-12092 CYAN Backup <= 2.5.4 - Authenticated (Admin+) Arbitrary File Deletion
The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delet...
WordPress plugin CYAN Backup 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path travers...
PT-2025-45563
Name of the Vulnerable Software and Affected Versions CYAN Backup plugin for WordPress versions through 2.5.4 Description The CYAN Backup plugin for WordPress has a flaw that allows authenticated attackers with Administrator-level access or higher to delete arbitrary files on the server. This is...
EUVD-2025-15208
Malicious code in bioql PyPI...
EUVD-2024-45882
Malicious code in bioql PyPI...
CVE-2024-52390
Path Traversal: '.../...//' vulnerability in Greg Ross CYAN Backup cyan-backup allows Path Traversal.This issue affects CYAN Backup: from n/a through = 2.5.3...
WordPress CYAN Backup plugin < 2.5.3 - Admin+ Stored XSS via General Settings vulnerability
Admin+ Stored XSS via General Settings vulnerability discovered by Bob Matyas in WordPress Plugin CYAN Backup versions 2.5.3...
CVE-2024-9662
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9663
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9663
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9662
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9662
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...