CVE-2025-66171

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can create new VMs using backups of any other user of the...

EUVD-2021-11087

Malware in sbrugna...

CVE-2021-24173

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue...

WordPress VM Backups Plugin Cross-Site Request Forgery Vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A cross-site request forgery vulnerability exists in...

WordPress VM Backups plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by 0xB9 in WordPress VM Backups plugin versions = 1.0. Solution This plugin has been closed as of February 15, 2021 and is not available for download. Reason: Security Issue...

CVE-2021-24172

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current...

CVE-2021-24172

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current...

CVE-2021-24173

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue...

Cross site scripting

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue...

Cross site request forgery (csrf)

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current...

CVE-2021-24173 VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)

The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue...

CVE-2021-24172

The CVE-2021-24172 entry applies to the WordPress VM Backups plugin (versions up to 1.0). The underlying issue is missing CSRF checks in the plugin, which could allow an authenticated attacker to induce a logged-in user to perform actions such as generating backups of the database, plugins, and c...

CVE-2021-24173

CVE-2021-24173 affects the VM Backups WordPress plugin (versions up to 1.0). The vulnerability arises from missing CSRF checks, enabling a logged-in attacker to perform unwanted actions (e.g., updating plugin options) that can lead to Stored Cross-Site Scripting. The available connected sources c...

WordPress VM Backups 跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress.Plugins for WordPress. VM Backups WordPress...

VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue. PoC The PoC will be displayed once the issue has been remediated...

VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross-Site Scripting issue. The PoC will be displayed once the issue has been remediated...

Veeam ONE and Automation Services

Challenge The suggestions below leverage the functionality of Veeam ONE in order to automate some administration tasks. Cause To be able to use the steps below, make sure you are using Veeam Availability Suite 8 or newer version. Solution VM with no backup 1. Create VM backup alarm in Veeam ONE...

Tape configuration restore

Challenge Due to architecture limitations, configuration backups created with Veeam Backup & Replication 7.0 did not capture database records that were responsible for displaying VMs processed with jobs in the Veeam Backup & Replication console. These limitations applied to all types of jobs,...