
98 matches found

OSV
added 2023/11/27 5:15 p.m. · 5 views

CVE-2023-5737

The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings...

CVSS 4.3 · AI score 7.3 · EPSS 0.00454
Exploits 2 · References 1
Positive Technologies
added 2023/11/27 12:00 a.m. · 9 views

PT-2023-32291 · WordPress · Wordpress Backup & Migration

Name of the Vulnerable Software and Affected Versions: WordPress Backup & Migration WordPress plugin versions prior to 1.4.4
Description: The issue allows users with a role as low as Subscriber to update some plugin settings due to a lack of authorization for certain AJAX requests.
Recommendation...

CVSS 4.3 · AI score 5.5 · EPSS 0.00454
Exploits 2 · References 4
Vulnrichment
added 2023/10/09 1:51 p.m. · 9 views

CVE-2023-41660 WordPress WP Migration Plugin DB & Files – WP Synchro Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions...

CVSS 6.5 · AI score 7.1 · EPSS 0.00255
Exploits 0 · References 1
Patchstack
added 2023/09/25 12:00 a.m. · 15 views

WordPress WPvivid Backup and Migration Plugin <= 0.9.89 is vulnerable to Arbitrary File Deletion

Software: WPvivid Backup and Migration; Type: Plugin; Vulnerable versions: <= 0.9.89; Fixed in: 0.9.90; OWASP Top 10: A5: Security Misconfiguration; Classification: Arbitrary File Deletion; CVE: CVE-2023-4274; Patch priority: Low; CVSS severity: Low 8.7; Developer: Claim ownership; PSID: 578242027a0b; Credits: Ivan...

CVSS 8.7 · AI score 6.9 · EPSS 0.01219
Exploits 1 · References 3 · Affected Software 1
vulnersOsv
added 2023/01/26 9:30 p.m. · 3 views

org.jenkins-ci.plugins:salesforce-migration-assistant-plugin (=2.2.0) potentially affected by CVE-2023-24435 via org.jenkins-ci.plugins:ghprb (=1.31.4)

org.jenkins-ci.plugins:ghprb MAVEN version =1.31.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ghprb and may be impacted: - org.jenkins-ci.plugins:salesforce-migration-assistant-plugin =2.2.0 Source cves: CVE-2023-24435 Sourc...

CVSS 6.5 · AI score 6.5 · EPSS 0.00821
Exploits 0
OSV
added 2022/09/16 9:15 a.m. · 5 views

CVE-2022-2863

The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack...

CVSS 4.9 · AI score 5.8
Exploits 0 · References 3
ATTACKERKB
added 2022/09/16 9:15 a.m. · 2 views

CVE-2022-2863

The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack...

CVSS 4.9 · AI score 5.9 · EPSS 0.18147
Exploits 3 · References 5
ATTACKERKB
added 2022/09/06 6:15 p.m. · 3 views

CVE-2022-2442

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper...

CVSS 7.2 · AI score 6 · EPSS 0.01329
Exploits 0 · References 6
CNVD
added 2022/04/13 12:00 a.m. · 25 views

WordPress WPvivid Backup and Migration plugin arbitrary file read vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. A WordPress plugin is an open source application plugin for WordPress. WordPress WPvivid Backup and Migration plugin version 0.9.70 and previous versions contain an arbitrary file read vulnerability. An...

CVSS 7.5 · AI score 4 · EPSS 0.01444
Exploits 0 · References 1
OSV
added 2022/04/11 3:15 p.m. · 3 views

CVE-2022-0531

The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the subpage parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting...

CVSS 6.1 · AI score 6.4 · EPSS 0.00788
Exploits 1 · References 1
Cvelist
added 2022/04/11 2:40 p.m. · 17 views

CVE-2022-0531 WPvivid Backup and Migration Plugin < 0.9.70 - Reflected Cross-Site Scripting

The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the subpage parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting...

AI score 6.2 · EPSS 0.00788
Exploits 1 · References 1
OSV
added 2022/03/07 9:15 a.m. · 5 views

CVE-2021-24216

The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations...

CVSS 7.2 · AI score 5.8 · EPSS 0.01687
Exploits 2 · References 2
CNNVD
added 2022/03/07 12:00 a.m. · 4 views

WordPress plugin code issue vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress All-in-One WP Migration has a code issue vulnerability that can be exploited by attackers to upload PHP...

CVSS 7.2 · AI score 5.8 · EPSS 0.01687
Exploits 2 · References 3
Patchstack
added 2022/01/31 12:00 a.m. · 22 views

WordPress WPvivid Backup and Migration Plugin <= 0.9.68 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WPvivid Backup and Migration Plugin versions <= 0.9.68. Solution: Update the WordPress WPvivid Backup and Migration Plugin to the latest available version (at least 0.9.69)...

CVSS 6.1 · AI score 2.5 · EPSS 0.01213
Exploits 1 · References 3 · Affected Software 1
Patchstack
added 2021/11/17 12:00 a.m. · 19 views

WordPress Backup Migration plugin <= 1.1.5 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Vlad Visse (Patchstack) in WordPress Backup Migration plugin versions <= 1.1.5. Solution: Update the WordPress Backup Migration plugin to the latest available version (at least 1.1.6)...

CVSS 5.4 · AI score 2.4 · EPSS 0.00552
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2021/04/26 12:00 a.m. · 11 views

WordPress WPvivid Backup and Migration plugin <= 0.9.52 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability discovered in WordPress WPvivid Backup and Migration plugin versions <= 0.9.52. Solution: Update the WordPress WPvivid Backup and Migration plugin to the latest available version (at least 0.9.53)...

AI score 2.9
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2020/02/28 12:00 a.m. · 14 views

WordPress WPvivid Backup and Migration plugin <= 0.9.35 - Missing Authorization vulnerability leading to Database Leak

Missing Authorization vulnerability leading to Database Leak discovered by Dave Jong (Patchstack) in WordPress WPvivid Backup and Migration plugin versions <= 0.9.35. Solution: Update the WordPress WPvivid Backup and Migration plugin to the latest available version (at least 0.9.36)...

AI score 3.6
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2019/07/18 12:00 a.m. · 14 views

WordPress All-in-One WP Migration plugin <= 6.97 - Cross-Site Scripting (XSS) vulnerability (admin backend)

Cross-Site Scripting (XSS) vulnerability (admin backend) found by Connum in WordPress All-in-One WP Migration plugin versions <= 6.97. Solution: Update the WordPress All-in-One WP Migration plugin to the latest available version (at least 7.0)...

AI score 2.1
Exploits 0 · References 1 · Affected Software 1