CVE-2024-2309

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml...

CVE-2022-2737

The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3412

The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstgprocessing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, wi...

WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.21 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin Backup and Staging by WP Time Capsule versions = 1.22.21...

WordPress WP STAGING plugin < 3.5.0 - Admin+ SSRF vulnerability

Admin+ SSRF vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP STAGING – Backup Duplicator & Migration versions 3.5.0...

CVE-2024-4469

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations...

WordPress plugin WP STAGING security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress WP STAGING plugin <= 3.4.3 - Authenticated (Admin+) Arbitrary File Upload vulnerability

Authenticated Admin+ Arbitrary File Upload vulnerability discovered by haidv35 in WordPress Plugin WP STAGING – Backup Duplicator & Migration versions = 3.4.3...

WordPress WP STAGING plugin <= 3.4.3 - Sensitive Information Exposure via Log File vulnerability

Sensitive Information Exposure via Log File vulnerability discovered by haidv35 in WordPress Plugin WP STAGING – Backup Duplicator & Migration versions = 3.4.3...

WordPress plugin WP STAGING and WP STAGING Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WP Staging < 3.4.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP STAGING – Backup Duplicator & Migration versions 3.4.0...

WordPress Plugin WP STAGING WordPress Backup 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WP STAGING...

PT-2024-19666 · WordPress · Wp Staging Pro +1

Name of the Vulnerable Software and Affected Versions: WP STAGING WordPress Backup Plugin versions prior to 3.4.0 wp-staging-pro WordPress plugin versions prior to 5.4.0 Description: The issue concerns the lack of sanitization and escaping of certain settings in the WP STAGING WordPress Backup...

CVE-2023-7204

The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides...

CVE-2023-6113

The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later...

Information disclosure

The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowing unauthenticated attackers to download said backups later...

PT-2024-14883 · WordPress · Wp Staging Pro Wordpress Backup Plugin

Name of the Vulnerable Software and Affected Versions: WP STAGING WordPress Backup Plugin versions prior to 3.1.3 WP STAGING Pro WordPress Backup Plugin versions prior to 5.1.3 Description: The issue allows unauthenticated attackers to obtain key information about ongoing backup processes, which...

CVE-2022-2737

The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin WP STAGING 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress WP STAGING Plugin <= 2.9.17 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Raad Haddad in WP STAGING versions = 2.9.17 Solution Update the WordPress WP STAGING – Backup Duplicator & Migration plugin to the latest available version at least 2.9.18...