137 matches found
CVE-2026-57757
CVE-2026-57757 concerns the WordPress plugin pCloud WP Backup (versions
CVE-2026-9834 WP Database Backup <= 7.11 - Authenticated (Administrator+) OS Command Injection via 'wp_db_exclude_table' Parameter
The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...
PT-2026-55045
Name of the Vulnerable Software and Affected Versions pCloud WP Backup versions prior to 2.0.3 Description An unauthenticated Cross Site Request Forgery CSRF issue exists in the pCloud WP Backup plugin. CSRF is a flaw that allows an attacker to trick a victim into performing actions they did not...
CVE-2026-39480 WordPress Backup Migration plugin <= 2.1.1 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Backup Migration = 2.1.1 versions...
CVE-2026-42760 WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.25 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through = 1.22.25...
EUVD-2026-32208
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through = 1.22.25...
CVE-2026-42760
CVE-2026-42760 concerns the WordPress plugin “Backup and Staging by WP Time Capsule” (revmakx) where the vulnerability enables an authentication bypass via an alternate path or channel, enabling password-recovery exploitation. Affected: wp-time-capsule plugin versions from n/a up to and including...
CVE-2021-47979
WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers can send POST requests to admin-ajax.php with crafted filename and foldername parameters to delete...
CVE-2021-47979
CVE-2021-47979 affects WordPress Plugin Backup and Restore 1.0.3. An arbitrary file deletion vulnerability exists in which authenticated attackers can delete arbitrary files by crafting file_name and folder_name parameters in POST requests to admin-ajax.php, enabling file system modification with...
CVE-2023-54346
WordPress Plugin Backup Migration 1.2.8 suffers information-disclosure: unauthenticated attackers can download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories via configuration files and logs to construct direct download URLs. No remediati...
CVE-2023-54346
WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories through configuration files and complete logs, then...
CVE-2026-3143
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...
CVE-2026-3143
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...
CVE-2026-3143 Total Upkeep <= 1.17.1 - Missing Authorization to Unauthenticated Rollback Cancellation
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...
EUVD-2026-26502
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...
WordPress Royal WordPress Backup & Restore Plugin plugin <= 1.0.16 - Reflected Cross-Site Scripting via 'wpr_pending_template' Parameter vulnerability
Reflected Cross-Site Scripting via 'wprpendingtemplate' Parameter vulnerability discovered by Abi Wiranata in WordPress Plugin Royal WordPress Backup, Restore & Migration versions = 1.0.16...
Exploit for Code Injection in Backupbliss Backup_Migration
🔥 CVE-2023-6553 — WordPress Backup Migration RCE Unauthen...
PT-2026-31848
Name of the Vulnerable Software and Affected Versions The Royal WordPress Backup & Restore Plugin versions up to and including 1.0.16 Description The Royal WordPress Backup & Restore Plugin for WordPress is susceptible to Reflected Cross-Site Scripting through the wpr pending template parameter d...
WordPress plugin Royal WordPress Backup & Restore Plugin 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Backup Migration plugin <= 2.1.1 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by ch4r0n in WordPress Plugin Backup Migration versions = 2.1.1...