9 matches found
CVE-2023-6553
The CVE affects the WordPress Backup Migration plugin (
CVE-2023-6266
CVE-2023-6266 - WordPress Backup Migration plugin : Concrete details show a path traversal/file validation flaw in the BMI_BACKUP path within the handle_downloading function, affecting all versions up to 1.3.6. Unauthenticated attackers can download backup files containing sensitive data (e.g., p...
CVE-2023-6972
CVE-2023-6972 applies to the Backup Migration plugin for WordPress, vulnerable in all versions up to 1.3.9. The root cause is a path traversal vulnerability exploitable via the content-backups, content-name, content-manifest, content-bmitmp, and content-identy HTTP headers, enabling an unauthenti...
CVE-2023-7002
CVE-2023-7002 affects the WordPress plugin Backup Migration (backup-backup). It enables OS Command Injection via the url parameter in versions up to 1.3.9. Exploitation requires administrator-level privileges or higher, allowing arbitrary commands to run on the host. Current connected data indica...
CVE-2023-6271
CVE-2023-6271 affects the Backup Migration WordPress plugin prior to 1.3.6. Root cause: in-progress backups information is stored in publicly accessible files, enabling potential disclosure of backup data. Impact: information exposure of backups; exploitation details not provided in the sources. ...
CVE-2023-0958
CVE-2023-0958 affects WordPress plugins developed by Inisev that expose an inisev_installation AJAX action. The root cause is a missing capability check in the handle_installation function, enabling an authenticated attacker with minimal privileges (e.g., a subscriber) to install select Inisev pl...
CVE-2023-6971
The Backup Migration plugin for WordPress (versions 1.0.8–1.3.9) is affected by CVE-2023-6971 due to a Remote File Inclusion via the content-dir header, enabling unauthenticated code execution when PHP is configured with allow_url_include=-on. The issue is exploitable under specific PHP configura...
CVE-2021-36884
The CVE-2021-36884 entry concerns the WordPress Backup Migration plugin for WordPress, affected in versions up to 1.1.5. Affected component is the plugin’s settings handling, where insufficient sanitisation/escaping allows an authenticated user to perform a persistent XSS attack (stored in the co...
CVE-2023-3977
CVE-2023-3977 describes a Cross‑Site Request Forgery (CSRF) in multiple Inisev WordPress plugins, due to a missing nonce on the handle_installation function invoked by inisev_installation via AJAX. This enables unauthenticated attackers to trigger installation of plugins from a limited list if a ...