127 matches found
CVE-2023-5505
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...
CVE-2023-5505
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...
CVE-2023-5505 BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...
CVE-2023-5505 BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...
CVE-2023-5505
CVE-2023-5505 refers to BackWPup – WordPress Backup & Restore Plugin. Affected: BackWPup
WordPress plugin BackWPup 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-14814 · WordPress · Backwpup
Name of the Vulnerable Software and Affected Versions: BackWPup plugin for WordPress versions up to, and including, 4.0.1 Description: The issue allows authenticated attackers to store backups in arbitrary folders on the server, provided they can be written to by the server. This is achieved via...
WordPress BackWPup plugin < 4.0.4 - Unauthenticated Backup Download vulnerability
Unauthenticated Backup Download vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin BackWPup versions 4.0.4...
WordPress BackWPup Plugin < 4.0.4 is vulnerable to Sensitive Data Exposure
Software BackWPup Type Plugin Vulnerable versions 4.0.4 Fixed in 4.0.4 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-7164 Patch priority Low CVSS severity Low 6.8 Developer Claim ownership PSID 21f6bbb8269a Credits Dmitrii Ignatyev Required privilege...
CVE-2023-7164
The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database...
CVE-2023-7164
The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database...
CVE-2023-7164 BackWPup < 4.0.4 - Unauthenticated Backup Download
The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database...
WordPress Plugin BackWPup 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-15217
Name of the Vulnerable Software and Affected Versions BackWPup WordPress plugin versions prior to 4.0.4 Description The issue allows unauthenticated attackers to download backups of a site's database due to the lack of prevention of Directory Listing in the temporary backup folder. This exposes...
BackWPup < 4.0.4 - Unauthenticated Backup Download
Description The plugin does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's database. PoC 1 Ensure that Apache is configured with the ability to list directory content. 2 When this is done, you can see the...
CVE-2023-5775
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...
Default credentials
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...
WordPress Plugin BackWPup Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress BackWPup Plugin <= 4.0.2 is vulnerable to Sensitive Data Exposure
Software BackWPup Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5775 Patch priority Low CVSS severity Low 2.2 Developer Claim ownership PSID f595a8cd94ea Credits Stefan Marjanov Required privileg...
CVE-2023-5775 BackWPup <= 4.0.2 - Plaintext Storage of Backup Destination Password
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...