774 matches found
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
WordPress VM Backups Plugin Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up a personal blog site on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability exists in...
Database Backup for WordPress < 2.4 - Authenticated Persistent Cross-Site Scripting (XSS)
The plugin did not escape the backuprecipient POST parameter before outputting it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue. PoC POST /wp-admin/tools.php?page=wp-db-backup HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Content-Type:...
Database Backup for WordPress < 2.4 - Authenticated Persistent Cross-Site Scripting (XSS)
The plugin did not escape the backuprecipient POST parameter before outputting it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue. POST /wp-admin/tools.php?page=wp-db-backup HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Content-Type:...
emlog Remote Code Execution Vulnerability
emlog is a powerful blog and CMS builder based on PHP and MySQL. A remote code execution vulnerability exists in emlog versions 5.3.1, 6.0.0. The vulnerability stems from uploading a database backup file in admin/data.php. An attacker can exploit this vulnerability to achieve remote code executio...
CVE-2021-31737
emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php...
Remote code execution
emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php...
CVE-2021-31737
CVE-2021-31737 affects emlog v5.3.1 and v6.0.0. Descriptions across Red Hat, CNVD and NVD confirm a Remote Code Execution vulnerability caused by uploading a database backup file via admin/data.php. The root cause is the handling of uploaded database backups leading to code execution on the...
CVE-2020-21997
Smartwares HOME easy =1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control...
CVE-2020-21997
Smartwares HOME easy
PT-2021-10712 · Smartwares · Smartwares Home Easy
Name of the Vulnerable Software and Affected Versions: Smartwares HOME easy versions prior to 1.0.9 Description: The issue allows for an unauthenticated database backup download and information disclosure. This could lead to the disclosure of sensitive and clear-text information, potentially...
Unauthorized Access Vulnerability in Crypto Email and Enterprise Mailboxes
Beijing Xiongzhiweiye Software Co., Ltd., founded in 1996, is a professional network platform development vendor. The company's main business is the development and sale of computer network software products, and the sale and agency of computer software and hardware products. An unauthorized access...
VM Backups <= 1.0 - CSRF to Database Backup Download
The plugin does not have CSRF checks, allowing attackers to make a logged-in user perform unwanted actions, such as generating backups of the DB, plugins, and current theme. The files will be created in the uploads directory by default, with a timestamp in their filenames, without any access restriction,...
WordPress Database Backups plugin <= 1.2.2.6 - Cross-Site Request Forgery (CSRF) vulnerability leading to backup download
Cross-Site Request Forgery (CSRF) vulnerability leading to backup download discovered by 0xB9 in WordPress Database Backups plugin versions <= 1.2.2.6. Solution: 2021-03-18 - we were unable to find a patched version of this plugin. WordPress.org plugin repository notice: "This plugin has been closed ...
WordPress Total Upkeep Unauthenticated Backup Downloader
This module exploits an unauthenticated database backup vulnerability in WordPress plugin 'Boldgrid-Backup' also known as 'Total Upkeep' version use auxiliary/scanner/http/wptotalupkeepdownloader msf auxiliarywptotalupkeepdownloader show actions ...actions... msf auxiliarywptotalupkeepdownloader...
WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
Exploit Title: WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download Google Dork: intitle:"Index of" AND "wp-content/plugins/boldgrid-backup/=" Date: 2020-12-12 Exploit Author: Wadeek Vendor Homepage: https://www.boldgrid.com/ Software Link:...