257 matches found
CVE-2024-9663
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup...
CVE-2024-9662
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup...
CVE-2025-2257
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.10 via the compression_level setting. This is due to the plugin using the compression_level setting in proc_open withou...
WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.25.08 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Nabil Irawan in WordPress Plugin EZ SQL Reports Shortcode Widget and DB Backup versions <= 5.25.08...
CVE-2025-2257
CVE-2025-2257 affects the Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid for WordPress. Versions up to and including 1.16.10 are vulnerable due to unvalidated compression_level used in proc_open, enabling authenticated administrators to execute code remotely. Wordfence ...
WordPress plugin Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid OS command injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress plugin Total Upkeep - WordPress Backup Plugin plu...
CVE-2025-2319
CVE-2025-2319 concerns the EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress. According to the CVE entry, versions 4.11.13 through 5.25.08 are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in the ELISQLREPORTS_menu function, which could all...
WordPress SQL Backup plugin <= 3.5.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by johska in WordPress Plugin WordPress SQL Backup versions <= 3.5.2...
WordPress plugin WordPress SQL Backup cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...
CVE-2025-24832
Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension f...
CVE-2024-34014
Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM Linux before build 1.9.1.892, Acronis Backup extension for Plesk Linux...
CVE-2025-24832
CVE-2025-24832 affects Acronis Backup plugin for cPanel & WHM (Linux) and Acronis Backup extension for Plesk (Linux). The root cause is improper handling of symbolic links, leading to arbitrary file overwrite during home directory recovery. Affected versions are: plugin 1.8.4.866 and earlier, plu...
CVE-2024-13907
CVE-2024-13907: The BoldGrid WordPress plugin “Total Upkeep” (Backup Plugin plus Restore & Migrate) is vulnerable to Server-Side Request Forgery (SSRF) in all versions up to and including 1.16.8 via the plugin’s download function. An attacker with at least Administrator+ privileges can cause the...
Acronis Backup plugin for cPanel & WHM (Linux) and Acronis Backup extension for Plesk (Linux) security vulnerability
Acronis Backup plugin for cPanel & WHM Linux and Acronis Backup extension for Plesk Linux are both plug-ins from Acronis Switzerland. A security vulnerability exists in Acronis Backup plugin for cPanel & WHM Linux and Acronis Backup extension for Plesk Linux, which stems from improper handling of...
CVE-2025-26887 WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin <= 5.21.35 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup elisqlreports allows Stored XSS. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through <= 5.21.35...
CVE-2020-35950
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF via almost any endpoint...
CVE-2024-10028
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticat...
CVE-2024-9461
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation and sanitization. This makes it possible f...
WordPress plugin WP Database Backup security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...