20 matches found
EUVD-2017-9604
Malware in sbrugna...
CVE-2021-24155
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE...
CVE-2022-34148 WordPress Backup Guard Plugin <= 1.6.9.0 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JetBackup JetBackup – WP Backup, Migrate & Restore plugin <= 1.6.9.0 versions...
WordPress Backup Guard plugin <= 1.6.9.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in the WordPress Backup Guard plugin versions <= 1.6.9.0. Solution: Update the WordPress Backup Guard plugin to the latest available version, at least 1.6.9.1...
Wordpress Plugin Backup Guard - Authenticated Remote Code Execution
This module allows an attacker with a privileged Wordpress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard .php Module Options msf use exploit/multi/http/wppluginbackupguardrce msf exploitwppluginbackupguardrce show targets...
WordPress Backup Guard Authenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Backup Guard - Authenticated Remote Code Execution', 'Description' = %q This module allows an attacker with a privileged Wordpre...
WordPress Backup Guard Authenticated Remote Code Execution Exploit
This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP...
Wordpress Backup Guard 1.5.8 Plugin - Remote Code Execution (Authenticated) Exploit
Exploit Title: Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution (Authenticated) Exploit Author: Ron Jost (Hacker5preme) Vendor Homepage: https://backup-guard.com/products/backup-wordpress Software Link: https://downloads.wordpress.org/plugin/backup.1.5.8.zip Version: Before 1.6.0 Tested on...
Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution (Authenticated)
Exploit Title: Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution (Authenticated) Date: 02.07.2021 Exploit Author: Ron Jost (Hacker5preme) Vendor Homepage: https://backup-guard.com/products/backup-wordpress Software Link: https://downloads.wordpress.org/plugin/backup.1.5.8.zip Version: Before...
WordPress Backup Guard 1.5.8 Shell Upload
Exploit Title: Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution (Authenticated) Date: 02.07.2021 Exploit Author: Ron Jost (Hacker5preme) Vendor Homepage: https://backup-guard.com/products/backup-wordpress Software Link: https://downloads.wordpress.org/plugin/backup.1.5.8.zip Version: Before...
CVE-2021-24155
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE...
CVE-2021-24155
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE...
Format string
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE...
CVE-2021-24155
The CVE-2021-24155 vulnerability affects WordPress Backup Guard plugin prior to 1.6.0. The authenticated arbitrary file upload flaw does not validate that imported files are in the SGBP format/extension, enabling high-privilege (admin+) users to upload arbitrary files, including PHP, and potentia...
CVE-2021-24155 Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE...
WordPress Backup Guard plugin <= 1.5.9 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability found by Nguyen Van Khanh in WordPress Backup Guard plugin versions <= 1.5.9. Solution: Update the WordPress Backup Guard plugin to the latest available version, at least 1.6.0...
Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload
The plugin did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE. Additional Info, and Bypass of .htaccess protection found by WPScanTeam, while confirming the issue: There is...
CVE-2017-18488
CVE-2017-18488 affects the Backup Guard WordPress plugin, with multiple XSS issues reported in versions prior to 1.1.47. The connected documents confirm the existence of XSS in this plugin, but do not provide technical details about the exact vulnerable component, root cause, impact specifics, ex...
BackupGuard < 1.1.47 - Authenticated Cross-Site Scripting (XSS)
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability...
Backup Guard < 1.0.3 - Authenticated Arbitrary File Upload
The plugin allowed any authenticated user to call the AJAX actions, including the one to import backups which could lead to arbitrary file upload...