SOPlanning security vulnerabilities

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization for the backup function, which could allow unauthorized attackers to...

CVE-2026-41663 Admidio: CSRF on Admin Preferences Triggers Unauthorized Backup, .htaccess Write, and Email Send

Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module database backup, test email, htaccess generation fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...

CVE-2026-1104 FastDup – Fastest WordPress Migration & Duplicator <= 2.7.1 - Missing Authorization to Authenticated (Contributor+) Backup Creation and Download

The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. This makes it possible for authenticated attackers, with...

CVE-2026-1104

CVE-2026-1104 affects the FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress. The vulnerability is due to a missing capability check on REST API endpoints across all versions up to and including 2.7.1, enabling authenticated attackers with Contributor-level access and above t...

EUVD-2019-6643

Malware in sbrugna...

CVE-2020-36667

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backupguardclouddropbox, backupguardcloudgdrive, and backupguardcloudoneDrive function...

WordPress plugin UpdraftPlus 安全漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin...

CVE-2019-11894

CVE-2019-11894 concerns an improper access control in the backup mechanism of the Bosch Smart Home Controller (SHC) prior to version 9.8.905. An attacker could download a backup directly after a legitimate backup completes, potentially exposing sensitive data. The public documents confirm the aff...

WordPress II_OData_Importer 1.0 Database Disclosure

Exploit Title : WordPress IIODataImporter Plugins 1.0 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 02/12/2018 Vendor Homepages : wordpress.org Information about Plugin : +...

VMSA-2015-0002:VMware vSphere Data Protection product update addresses a certificate validation vulnerability.

VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2015-0002 VMware Security Advisory Synopsis: VMware vSphere Data Protection product update addresses a certificate...

EZ-Oscommerce 2.1 by Pass / Creat and Download Backup Vulnerability

Exploit for php platform in category web applications =================================================================== EZ-Oscommerce 2.1 by Pass / Creat and Download Backup Vulnerability ===================================================================...

TorrentTrader Classic 1.09 - Multiple Vulnerabilities

waraxe-2009-SA074 - Multiple Vulnerabilities in TorrentTrader Classic 1.09 =============================================================================== Author: Janek Vind "waraxe" Date: 15. June 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-74.html Description of vulnerable...