98 matches found
CVE-2023-5737
The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings...
PT-2023-32291 · WordPress · Wordpress Backup & Migration
Name of the Vulnerable Software and Affected Versions: WordPress Backup & Migration WordPress plugin versions prior to 1.4.4 Description: The issue allows users with a role as low as Subscriber to update some plugin settings due to a lack of authorization for certain AJAX requests. Recommendation...
CVE-2023-41660 WordPress WP Migration Plugin DB & Files – WP Synchro Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions...
WordPress WPvivid Backup and Migration Plugin <= 0.9.89 is vulnerable to Arbitrary File Deletion
Software: WPvivid Backup and Migration; Type: Plugin; Vulnerable versions: <= 0.9.89; Fixed in: 0.9.90; OWASP Top 10: A5: Security Misconfiguration; Classification: Arbitrary File Deletion; CVE: CVE-2023-4274; Patch priority: Low; CVSS severity: Low 8.7; PSID: 578242027a0b; Credits: Ivan...
org.jenkins-ci.plugins:salesforce-migration-assistant-plugin (=2.2.0) potentially affected by CVE-2023-24435 via org.jenkins-ci.plugins:ghprb (=1.31.4)
org.jenkins-ci.plugins:ghprb MAVEN version =1.31.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ghprb and may be impacted: - org.jenkins-ci.plugins:salesforce-migration-assistant-plugin =2.2.0 Source cves: CVE-2023-24435 Sourc...
CVE-2022-2863
The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack...
CVE-2022-2442
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper...
WordPress WPvivid Backup and Migration plugin arbitrary file read vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress WPvivid Backup and Migration plugin version 0.9.70 and previous versions contain an arbitrary file read vulnerability. An...
CVE-2022-0531
The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the subpage parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting...
CVE-2022-0531 WPvivid Backup and Migration Plugin < 0.9.70 - Reflected Cross-Site Scripting
The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the subpage parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting...
CVE-2021-24216
The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations...
WordPress plugin code issue vulnerability
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress All-in-One WP Migration has a code issue vulnerability that can be exploited by attackers to upload PHP...
WordPress WPvivid Backup and Migration Plugin <= 0.9.68 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WPvivid Backup and Migration Plugin versions <= 0.9.68. Solution: Update the WordPress WPvivid Backup and Migration Plugin to the latest available version (at least 0.9.69)...
WordPress Backup Migration plugin <= 1.1.5 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Vlad Visse (Patchstack) in WordPress Backup Migration plugin versions <= 1.1.5. Solution: Update the WordPress Backup Migration plugin to the latest available version (at least 1.1.6)...
WordPress WPvivid Backup and Migration plugin <= 0.9.52 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered in WordPress WPvivid Backup and Migration plugin versions <= 0.9.52. Solution: Update the WordPress WPvivid Backup and Migration plugin to the latest available version (at least 0.9.53)...
WordPress WPvivid Backup and Migration plugin <= 0.9.35 - Missing Authorization vulnerability leading to Database Leak
Missing Authorization vulnerability leading to Database Leak discovered by Dave Jong (Patchstack) in WordPress WPvivid Backup and Migration plugin versions <= 0.9.35. Solution: Update the WordPress WPvivid Backup and Migration plugin to the latest available version (at least 0.9.36)...
WordPress All-in-One WP Migration plugin <= 6.97 - Cross-Site Scripting (XSS) vulnerability (admin backend)
Cross-Site Scripting (XSS) vulnerability (admin backend) found by Connum in WordPress All-in-One WP Migration plugin versions <= 6.97. Solution: Update the WordPress All-in-One WP Migration plugin to the latest available version (at least 7.0)...