CVE-2023-54346

WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...

CVE-2025-14944

The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0. This is due to a missing capability check on the 'initializeOfflineAjax' function and lack of proper nonce verification. The endpoint only validates against hardcoded toke...

WordPress Backup Migration plugin <= 2.0.0 - Missing Authorization to Unauthenticated Backup Upload to Offline Storage vulnerability

Missing Authorization to Unauthenticated Backup Upload to Offline Storage vulnerability discovered by 0N0ise - cert.pl in WordPress Plugin Backup Migration versions = 2.0.0...

VulnCheck KEV: CVE-2024-13609

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data includi...

WordPress Backup Migration 1.3.7 - Remote Command Execution

Exploit Title: WordPress Backup Migration 1.3.7 - Remote Command Execution Date: 2025-10-26 Exploit Author: DANG Vendor Homepage: https://backupbliss.com/ Software Link: https://wordpress.org/plugins/backup-backup/ Version: Backup Migration ≤1.3.7 Tested on: LINUX CVE : CVE-2023-6553 This module...

CVE-2026-1357

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when...

WordPress plugin Migration, Backup, Staging – WPvivid Backup & Migration 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

CVE-2025-12654

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the checkfilesystempermissions function not properly restricting the directories that can be created, or in...

CVE-2025-12394

The Backup Migration WordPress plugin before 2.0.0 does not properly generate its backup path in certain server configurations, allowing unauthenticated users to fetch a log that discloses the backup filename. The backup archive is then downloadable without authentication...

CVE-2025-11170

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the CpiwmImportController::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVE-2025-11170

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the CpiwmImportController::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVE-2025-11170 WP移行専用プラグイン for CPI <= 1.0.2 - Unauthenticated Arbitrary File Upload

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the CpiwmImportController::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVE-2025-11170 WP移行専用プラグイン for CPI <= 1.0.2 - Unauthenticated Arbitrary File Upload

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the CpiwmImportController::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVE-2025-11170

CVE-2025-11170 concerns the WP移行専用プラグイン for CPI (WordPress) up to version 1.0.2, where missing file type validation in Cpiwm_Import_Controller::import allows unauthenticated uploads of arbitrary files. The consequence stated across sources is potential remote code execution on the affected site, ...

PT-2025-46245

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the Cpiwm Import Controller::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on t...

WordPress plugin WP移行専用プラグイン for CPI 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

EUVD-2021-23460

Malware in sbrugna...

EUVD-2024-29918

Malicious code in bioql PyPI...

EUVD-2025-3849

Malicious code in bioql PyPI...

EUVD-2025-14128

Malicious code in bioql PyPI...