WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload

WordPress Backup Guard plugin before 1.6.0 is susceptible to authenticated arbitrary file upload. The plugin does not ensure that imported files are in SGBP format and extension, allowing high-privilege users to upload arbitrary files, including PHP, possibly leading to remote code execution. id:...

EUVD-2017-9604

Malware in sbrugna...

CVE-2021-24155

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users admin+ to upload arbitrary files, including PHP ones, leading to RCE...

CVE-2017-18488

The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues...

CVE-2022-34148 WordPress Backup Guard Plugin <= 1.6.9.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JetBackup JetBackup – WP Backup, Migrate & Restore plugin = 1.6.9.0 versions...

CVE-2022-34148 WordPress Backup Guard Plugin <= 1.6.9.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JetBackup JetBackup – WP Backup, Migrate & Restore plugin = 1.6.9.0 versions...

WordPress Backup Guard plugin <= 1.6.9.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Daffa Patchstack Alliance in the WordPress Backup Guard plugin versions = 1.6.9.0. Solution Update the WordPress Backup Guard plugin to the latest available version at least 1.6.9.1...

Exploit for Unrestricted Upload of File with Dangerous Type in Backup-Guard Backup_Guard

WordPress-Backup-RCE This Metasploit module allows an attacke...

Wordpress Plugin Backup Guard - Authenticated Remote Code Execution

This module allows an attacker with a privileged Wordpress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard .php Module Options msf use exploit/multi/http/wppluginbackupguardrce msf exploitwppluginbackupguardrce show targets...

WordPress Backup Guard Authenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Backup Guard - Authenticated Remote Code Execution', 'Description' = %q This module allows an attacker with a privileged Wordpre...

WordPress Backup Guard Authenticated Remote Code Execution Exploit

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP...

WordPress Backup Guard 1.5.8 Shell Upload

Exploit Title: Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution Authenticated Date 02.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://backup-guard.com/products/backup-wordpress Software Link: https://downloads.wordpress.org/plugin/backup.1.5.8.zip Version: Before...

Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution (Authenticated)

Exploit Title: Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution Authenticated Date 02.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://backup-guard.com/products/backup-wordpress Software Link: https://downloads.wordpress.org/plugin/backup.1.5.8.zip Version: Before...

Wordpress Backup Guard 1.5.8 Plugin - Remote Code Execution (Authenticated) Exploit

Exploit Title: Wordpress Plugin Backup Guard 1.5.8 - Remote Code Execution Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://backup-guard.com/products/backup-wordpress Software Link: https://downloads.wordpress.org/plugin/backup.1.5.8.zip Version: Before 1.6.0 Tested on...

CVE-2021-24155

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users admin+ to upload arbitrary files, including PHP ones, leading to RCE...

CVE-2021-24155

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users admin+ to upload arbitrary files, including PHP ones, leading to RCE...

Format string

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users admin+ to upload arbitrary files, including PHP ones, leading to RCE...

CVE-2021-24155 Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users admin+ to upload arbitrary files, including PHP ones, leading to RCE...

CVE-2021-24155

The CVE-2021-24155 vulnerability affects WordPress Backup Guard plugin prior to 1.6.0. The authenticated arbitrary file upload flaw does not validate that imported files are in the SGBP format/extension, enabling high-privilege (admin+) users to upload arbitrary files, including PHP, and potentia...

WordPress 代码问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in the WordPress plugin Backup and Migrate Plugin Backup Guard...