5 matches found
UNIX Symbolic Link (Symlink) Following
Overview: Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following in the CRI checkpoint restore plugin due to improper validation of symlinked paths. An attacker can access arbitrary files on the host by crafting a malicious checkpoint image and leveraging the...
PT-2026-41465
Name of the Vulnerable Software and Affected Versions: Backup and Restore version 1.0.3. Description: Authenticated attackers can delete arbitrary files from the WordPress installation directory. This is achieved by sending POST requests to the 'admin-ajax.php' endpoint with manipulated file name an...
EUVD-2025-28785
Malicious code in bioql PyPI...
CVE-2024-12208
CVE-2024-12208 is a reserved candidate; however, connected documents provide concrete details for a related vulnerability: WordPress – Backup and Restore WordPress (WPBackItUp) plugin (versions up to 1.50) suffers from a Cross-Site Request Forgery (CSRF) due to missing nonce validation in the ajaxQueu...
CVE-2023-7232
The Backup and Restore WordPress WordPress plugin through 1.45 does not protect some log files containing sensitive information, such as site configuration, allowing unauthenticated users to access such data...