CVE-2025-12092
The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delet...
PT-2025-45563
Name of the Vulnerable Software and Affected Versions: CYAN Backup plugin for WordPress versions through 2.5.4. Description: The CYAN Backup plugin for WordPress has a flaw that allows authenticated attackers with Administrator-level access or higher to delete arbitrary files on the server. This is...
EUVD-2025-15208
Malicious code in bioql PyPI...
CVE-2024-9663
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-9662
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WordPress CYAN Backup Plugin <= 2.5.3 is vulnerable to Arbitrary File Download
Software: CYAN Backup; Type: Plugin; Vulnerable versions: <= 2.5.3; Fixed in: 2.5.4; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary File Download; CVE: CVE-2024-52390; Patch priority: Low; CVSS severity: Low 4.9; PSID: b0f12165e19f; Credits: Junsu Yeo; Required privilege...