
50 matches found

RedhatCVE
added 2026/01/07 9:19 a.m. · 4 views

CVE-2024-2309

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html...

CVSS 4.8 · AI score 5.6 · EPSS 0.00218
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/23 10:20 a.m. · 3 views

CVE-2024-3682

The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extrac...

CVSS 5.3 · AI score 6.4 · EPSS 0.00406
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 1:0 a.m. · 2 views

CVE-2022-2737

The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS 4.8 · AI score 5.7 · EPSS 0.00357
Exploits: 2 · References: 1

NVD
added 2025/04/16 9:15 a.m. · 16 views

CVE-2025-3104

The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 6.1.2 due to missing capability checks on the getOutdatedPluginsRequest function. This makes it possible for unauthenticated attackers to reveal outdated installed...

CVSS 5.3 · EPSS 0.00534
Exploits: 0 · References: 2

Vulnrichment
added 2025/04/16 8:22 a.m. · 6 views

CVE-2025-3104 WP Staging Pro <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function

The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 6.1.2 due to missing capability checks on the getOutdatedPluginsRequest function. This makes it possible for unauthenticated attackers to reveal outdated installed...

CVSS 5.3 · AI score 5.4 · EPSS 0.00534
Exploits: 0 · References: 2

CVE
added 2025/04/16 8:22 a.m. · 56 views

CVE-2025-3104

CVE-2025-3104 affects the WP STAGING Pro WordPress Backup Plugin for WordPress (versions up to 6.1.2). The issue arises from missing capability checks in getOutdatedPluginsRequest(), enabling unauthenticated disclosure of outdated installed plugins. Impact is information exposure; CVSS 3.1 base s...

CVSS 5.3 · AI score 5.2 · EPSS 0.00534
Exploits: 0 · References: 2

Cvelist
added 2025/04/16 8:22 a.m. · 19 views

CVE-2025-3104 WP Staging Pro <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function

The WP STAGING Pro WordPress Backup Plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 6.1.2 due to missing capability checks on the getOutdatedPluginsRequest function. This makes it possible for unauthenticated attackers to reveal outdated installed...

CVSS 5.3 · EPSS 0.00534
Exploits: 0 · References: 2

Patchstack
added 2025/04/15 9:29 p.m. · 3 views

WordPress WP Staging Pro plugin <= 6.1.2 - Unauthenticated Information Exposure via getOutdatedPluginsRequest Function vulnerability

Unauthenticated Information Exposure via getOutdatedPluginsRequest Function vulnerability discovered by haidv35 in WordPress Plugin Wp Staging Pro versions <= 6.1.2...

CVSS 5.3 · AI score 8.3 · EPSS 0.00534
Exploits: 0 · References: 1 · Affected Software: 1

RedhatCVE
added 2025/02/05 9:59 a.m. · 4 views

CVE-2024-3412

The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, wi...

CVSS 9.1 · AI score 7.6 · EPSS 0.08965
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 7:16 a.m. · 3 views

CVE-2024-23506

Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect. This issue affects InstaWP Connect: from n/a through <= 0.1.0.9...

CVSS 7.7 · AI score 6.9 · EPSS 0.00276
Exploits: 0 · References: 1

NVD
added 2024/06/14 6:15 a.m. · 16 views

CVE-2024-5551

The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup Duplicat...

CVSS 8.8 · EPSS 0.00432
Exploits: 0 · References: 3

OSV
added 2024/06/14 6:15 a.m. · 0 views

CVE-2024-5551

The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup Duplicat...

CVSS 8.8 · AI score 5.7
Exploits: 0 · References: 3

Vulnrichment
added 2024/06/14 5:39 a.m. · 17 views

CVE-2024-5551 WP STAGING PRO - Backup Duplicator & Migration <= 5.6.0 - Cross-Site Request Forgery to Limited Local File Inclusion

The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup Duplicat...

CVSS 7.5 · AI score 6.4 · EPSS 0.00432
Exploits: 0 · References: 3

CVE
added 2024/06/14 5:39 a.m. · 47 views

CVE-2024-5551

CVE-2024-5551 affects the WP STAGING Pro WordPress Backup Plugin. The vulnerability is a Cross-Site Request Forgery (CSRF) issue caused by missing/incorrect nonce validation on the sub parameter, allowing unauthenticated attackers to trigger actions that end in Local File Inclusion of files ending with -...

CVSS 8.8 · AI score 7.4 · EPSS 0.00432
Exploits: 0 · References: 3 · Affected Software: 1

Patchstack
added 2024/06/14 3:8 a.m. · 1 views

Wordpress Wp Staging Pro plugin <= 5.6.0 - Cross-Site Request Forgery to Limited Local File Inclusion vulnerability

Cross-Site Request Forgery to Limited Local File Inclusion vulnerability discovered by stealthcopter in WordPress Plugin Wp Staging Pro versions <= 5.6.0...

CVSS 8.8 · AI score 7 · EPSS 0.00432
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2024/06/14 12:0 a.m. · 1 views

WordPress plugin WP STAGING Pro WordPress Backup Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WP STAGING...

CVSS 8.8 · AI score 6.7 · EPSS 0.00432
Exploits: 0 · References: 4

Patchstack
added 2024/06/14 12:0 a.m. · 5 views

WordPress Wp Staging Pro Plugin <= 5.6.0 is vulnerable to Local File Inclusion

Software: Wp Staging Pro · Type: Plugin · Vulnerable versions: <= 5.6.0 · Fixed in: 5.6.1 · OWASP Top 10: A1: Injection · Classification: Local File Inclusion · CVE: CVE-2024-5551 · Patch priority: High · CVSS severity: High (7.5) · PSID: 9b2908e7bf24 · Credits: stealthcopter · Required privilege...

CVSS 8.8 · AI score 6.8 · EPSS 0.00432
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/05/31 6:0 a.m. · 10 views

CVE-2024-4469 Migration Backup Restore < 3.5.0 - Admin+ SSRF

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations...

AI score 6.6 · EPSS 0.00687
Exploits: 2 · References: 1

Patchstack
added 2024/05/31 12:0 a.m. · 12 views

WordPress WP STAGING – Backup Duplicator & Migration Plugin < 3.5.0 is vulnerable to Server Side Request Forgery (SSRF)

Software: WP STAGING – Backup Duplicator & Migration · Type: Plugin · Vulnerable versions: < 3.5.0 · Fixed in: 3.5.0 · OWASP Top 10: A1: Broken Access Control · Classification: Server Side Request Forgery (SSRF) · CVE: CVE-2024-4469 · Patch priority: Low · CVSS severity: Low (5.5) · PSID: 76283163b094...

AI score 6.6 · EPSS 0.00687
Exploits: 2 · References: 4 · Affected Software: 1

Positive Technologies
added 2024/05/31 12:0 a.m. · 9 views

PT-2024-31213 · WordPress · Wp Staging

Name of the Vulnerable Software and Affected Versions: WP STAGING WordPress Backup Plugin versions prior to 3.5.0. Description: The issue allows users with the administrator role to conduct SSRF attacks, which may be problematic in multisite configurations. This is due to the lack of prevention of...

CVSS 7.5 · AI score 6.2 · EPSS 0.00687
Exploits: 2 · References: 4