WordPress Backup Migration plugin <= 2.0.0 - Missing Authorization to Unauthenticated Backup Upload to Offline Storage vulnerability
Missing Authorization to Unauthenticated Backup Upload to Offline Storage vulnerability discovered by 0N0ise - cert.pl in WordPress Plugin Backup Migration versions <= 2.0.0...
CVE-2025-14944 Backup Migration <= 2.0.0 - Missing Authorization to Unauthenticated Backup Upload to Offline Storage
The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0. This is due to a missing capability check on the 'initializeOfflineAjax' function and lack of proper nonce verification. The endpoint only validates against hardcoded toke...
CVE-2025-14944
The CVE concerns the WordPress Backup Migration plugin and affects all versions up to 2.0.0. Root cause: missing capability check in initializeOfflineAjax and insufficient nonce verification, with hardcoded tokens exposed in the plugin’s JavaScript. This allows unauthenticated attackers to trigge...
Stellar Toolkit for Outlook Review: Simplify and Optimize PST/OST File Management
Are you experiencing performance issues with your Outlook data PST and OST in the Outlook environment? Common problems…...
CDP filters installation fails with "Storage providers offline"
Challenge: When installing the CDP I/O Filter, the operation fails with "Storage providers are offline." When this occurs you may also notice that within the VMware GUI the VMware storage providers show as disconnected. The following is an example of what can be found in the I/O Deployment log:...
How to Steal Bitcoin Wallet Keys (Cold Storage) from Air-Gapped PCs
Dr. Mordechai Guri, the head of the R&D team at Israel's Ben Gurion University, who previously demonstrated various methods to steal data from an air-gapped computer, has now published new research named "BeatCoin." BeatCoin is not a new hacking technique; instead, it's an experiment wherein the...
Twitter OSINT framework: Birdwatcher
Birdwatcher is a data analysis and OSINT framework for Twitter. Birdwatcher supports creating multiple workspaces where arbitrary Twitter users can be added and their Tweets harvested through the Twitter API for offline storage and analysis. Birdwatcher comes with several modules which can be...
Bitcoin Price Drops 20% After $72 Million in Bitcoin Stolen from Bitfinex Exchange
Yet another blow to Bitcoin: One of the world's most popular exchanges of the cryptocurrency has suffered a major hack, leading to a loss of around $72 Million worth of Bitcoins. Hong Kong-based Bitcoin exchange 'Bitfinex' has posted a note on their website announcing the shutdown of its operatio...
TrueCrypt vulnerability analysis: more secure than people think - Vulnerability warning - the black bar safety net
TrueCrypt is the favorite data encryption tool of millions of security and privacy enthusiasts, but some vulnerabilities were recently disclosed in it. However, according to a security analysis report from the well-known Fraunhofer Information Security Technology Institute, it may still be more secure than...