Lucene search
K

127 matches found

NVD
NVD
added 2024/08/17 9:15 a.m.21 views

CVE-2023-5505

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...

6.8CVSS0.00981EPSS
Exploits0References5
OSV
OSV
added 2024/08/17 9:15 a.m.7 views

CVE-2023-5505

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...

6.8CVSS5.8AI score0.00981EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/08/17 8:37 a.m.16 views

CVE-2023-5505 BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...

6.8CVSS6.7AI score0.00981EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/08/17 8:37 a.m.26 views

CVE-2023-5505 BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally,...

6.8CVSS0.00981EPSS
Exploits0References5
CVE
CVE
added 2024/08/17 8:37 a.m.65 views

CVE-2023-5505

CVE-2023-5505 refers to BackWPup – WordPress Backup & Restore Plugin. Affected: BackWPup

6.8CVSS6.5AI score0.00981EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2024/08/17 12:0 a.m.7 views

WordPress plugin BackWPup 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.8CVSS6.7AI score0.00981EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/08/17 12:0 a.m.7 views

PT-2024-14814 · WordPress · Backwpup

Name of the Vulnerable Software and Affected Versions: BackWPup plugin for WordPress versions up to, and including, 4.0.1 Description: The issue allows authenticated attackers to store backups in arbitrary folders on the server, provided they can be written to by the server. This is achieved via...

6.8CVSS6.6AI score0.00981EPSS
Exploits0References10
Patchstack
Patchstack
added 2024/04/09 2:46 a.m.5 views

WordPress BackWPup plugin < 4.0.4 - Unauthenticated Backup Download vulnerability

Unauthenticated Backup Download vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin BackWPup versions 4.0.4...

7.5CVSS7AI score0.02261EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2024/04/09 12:0 a.m.16 views

WordPress BackWPup Plugin < 4.0.4 is vulnerable to Sensitive Data Exposure

Software BackWPup Type Plugin Vulnerable versions 4.0.4 Fixed in 4.0.4 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-7164 Patch priority Low CVSS severity Low 6.8 Developer Claim ownership PSID 21f6bbb8269a Credits Dmitrii Ignatyev Required privilege...

7.5CVSS6.5AI score0.02261EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2024/04/08 6:15 p.m.17 views

CVE-2023-7164

The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database...

7.5CVSS6.3AI score0.02261EPSS
Exploits2References1
OSV
OSV
added 2024/04/08 6:15 p.m.4 views

CVE-2023-7164

The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database...

7.5CVSS5.8AI score0.02261EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/04/08 5:28 p.m.30 views

CVE-2023-7164 BackWPup < 4.0.4 - Unauthenticated Backup Download

The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database...

6.5AI score0.02261EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/04/08 12:0 a.m.5 views

WordPress Plugin BackWPup 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.5CVSS6.5AI score0.02261EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.5 views

PT-2024-15217

Name of the Vulnerable Software and Affected Versions BackWPup WordPress plugin versions prior to 4.0.4 Description The issue allows unauthenticated attackers to download backups of a site's database due to the lack of prevention of Directory Listing in the temporary backup folder. This exposes...

7.5CVSS6.7AI score0.02261EPSS
Exploits2References10
WPVulnDB
WPVulnDB
added 2024/03/18 12:0 a.m.17 views

BackWPup < 4.0.4 - Unauthenticated Backup Download

Description The plugin does not prevent visitors from leaking key information about ongoing backups, allowing unauthenticated attackers to download backups of a site's database. PoC 1 Ensure that Apache is configured with the ability to list directory content. 2 When this is done, you can see the...

6.2AI score0.02261EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2024/02/26 4:27 p.m.4 views

CVE-2023-5775

The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...

2.7CVSS7.3AI score0.00449EPSS
Exploits0References2
Prion
Prion
added 2024/02/26 4:27 p.m.24 views

Default credentials

The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...

1.7CVSS7.2AI score0.00449EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.4 views

WordPress Plugin BackWPup Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

2.7CVSS6.9AI score0.00449EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/02/26 12:0 a.m.14 views

WordPress BackWPup Plugin <= 4.0.2 is vulnerable to Sensitive Data Exposure

Software BackWPup Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2023-5775 Patch priority Low CVSS severity Low 2.2 Developer Claim ownership PSID f595a8cd94ea Credits Stefan Marjanov Required privileg...

2.7CVSS6.5AI score0.00449EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/24 8:38 a.m.22 views

CVE-2023-5775 BackWPup <= 4.0.2 - Plaintext Storage of Backup Destination Password

The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possible for authenticated attackers, with...

2.2CVSS6.5AI score0.00449EPSS
Exploits0References2
Rows per page
Query Builder