257 matches found
Updraftplus < 1.13.5 - XSS
The UpdraftPlus WordPress Backup Plugin WordPress plugin was affected by an XSS security vulnerability...
WordPress Simple Backup Plugin 2.7.10 - Arbitrary File Download Vulnerability
No description provided by source...
WordPress EZPZ One Click Backup Plugin <= 12.03.10 - XSS
Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...
CVE-2014-9119
Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...
Directory traversal
Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter...
CVE-2014-9119
CVE-2014-9119 affects WordPress DB Backup Plugin (version 4.5 and earlier). A local file inclusion / directory traversal flaw exists in download.php, permitting an attacker to read arbitrary server files by manipulating the file parameter (e.g., via path traversal). The NUCLEI template and relate...
Joomla/WordPress XCloner Command Execution / Password Disclosure
XCloner plugin version 3.1.1 for WordPress and 3.5.1 for Joomla! suffers from arbitrary command execution, MySQL password disclosure, database backups exposed, unauthenticated remote access, and various other vulnerabilities. Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1...
WordPress Backup Plugin 2.0.1 Information Disclosure
No description provided by source. Exploit Title: WordPress Backup plugin exposes site data Google Dork: http://www.google.com/search?q=inurl:wp-content/backup.log Date: 01-jul-2012 Exploit Author: Stephan Knauss Vendor Homepage: http://wordpress.org/extend/plugins/backup/ Software Link:...
Backupbuddy 2.2.4 Sensitive Data Exposure
Backupbuddy - sensitive data exposure in importbuddy.php "the premiere WordPress backup plugin to backup, restore and move WordPress" http://ithemes.com/purchase/backupbuddy/ known versions affected: v1.3.4, v2.1.4, v2.2.25, v2.2.28, v2.2.4, likely other versions also impact: access to wordpress...
CVE-2011-5264
The CVE-2011-5264 entry maps to a documented XSS in the WordPress Lazyest Backup plugin, specifically in lazyest-backup.php vulnerable via the xml_or_all parameter. Affected version is prior to 0.2.2. Exploitation would allow remote attackers to inject arbitrary script/HTML in the context of the ...
WordPress Plugin Backup 2.0.1 - Information Disclosure
WordPress Plugin Backup 2.0.1 - Information Disclosure Exploit Title: WordPress Backup plugin exposes site data Google Dork: http://www.google.com/search?q=inurl:wp-content/backup.log Date: 01-jul-2012 Exploit Author: Stephan Knauss Vendor Homepage: http://wordpress.org/extend/plugins/backup/...
Information Leakage and Full path disclosure vulnerabilities in WordPress
Hello 3APA3A! I want to warn you about security vulnerabilities in WordPress which I published at 30.07.2010 during my Day of bugs in WordPress 2 project. ------------------------------ Advisory: Day of bugs in WordPress 2: Information Leakage and Full path disclosure vulnerabilities in WordPress...
CVE-2007-3494
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...
GLSA-200611-10 : WordPress: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200611-10 WordPress: Multiple vulnerabilities 'random' discovered that users can enter serialized objects as strings in their profiles that will be harmful when unserialized. 'adapter' found out that user-edit.php fails to...
DEBIAN-CVE-2006-5705
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request...
CVE-2006-4208
Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php...
CVE-2006-4208
CVE-2006-4208 describes a directory traversal in the Skippy WP-DB-Backup WordPress plugin (versions 1.7 and earlier). The flaw exists in wp-db-backup.php where an authenticated user with administrative privileges can read arbitrary files by supplying a ".." in the backup parameter to edit.php. Th...