Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
6.1AI Score
0.001EPSS
The WordPress Backup and Migrate Plugin โ Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
7.2CVSS
7AI Score
0.964EPSS