Lucene search
K
BackupblissBackup Migration

9 matches found

CVE
CVE
added 2023/12/15 10:59 a.m.190 views

CVE-2023-6553

The CVE affects the WordPress Backup Migration plugin (

9.8CVSS9.8AI score0.97846EPSS
In wildWeb
CVE
CVE
added 2024/01/11 8:32 a.m.107 views

CVE-2023-6266

CVE-2023-6266 - WordPress Backup Migration plugin : Concrete details show a path traversal/file validation flaw in the BMI_BACKUP path within the handle_downloading function, affecting all versions up to 1.3.6. Unauthenticated attackers can download backup files containing sensitive data (e.g., p...

7.5CVSS7.2AI score0.02072EPSS
In wild
CVE
CVE
added 2023/12/23 1:59 a.m.79 views

CVE-2023-6972

CVE-2023-6972 applies to the Backup Migration plugin for WordPress, vulnerable in all versions up to 1.3.9. The root cause is a path traversal vulnerability exploitable via the content-backups, content-name, content-manifest, content-bmitmp, and content-identy HTTP headers, enabling an unauthenti...

9.8CVSS9.7AI score0.0139EPSS
CVE
CVE
added 2023/12/23 1:59 a.m.72 views

CVE-2023-7002

CVE-2023-7002 affects the WordPress plugin Backup Migration (backup-backup). It enables OS Command Injection via the url parameter in versions up to 1.3.9. Exploitation requires administrator-level privileges or higher, allowing arbitrary commands to run on the host. Current connected data indica...

7.2CVSS8AI score0.45898EPSS
CVE
CVE
added 2024/01/01 2:18 p.m.70 views

CVE-2023-6271

CVE-2023-6271 affects the Backup Migration WordPress plugin prior to 1.3.6. Root cause: in-progress backups information is stored in publicly accessible files, enabling potential disclosure of backup data. Impact: information exposure of backups; exploitation details not provided in the sources. ...

7.5CVSS7.3AI score0.00688EPSS
CVE
CVE
added 2023/07/28 4:37 a.m.69 views

CVE-2023-0958

CVE-2023-0958 affects WordPress plugins developed by Inisev that expose an inisev_installation AJAX action. The root cause is a missing capability check in the handle_installation function, enabling an authenticated attacker with minimal privileges (e.g., a subscriber) to install select Inisev pl...

6.5CVSS6.4AI score0.00557EPSS
CVE
CVE
added 2023/12/23 1:59 a.m.63 views

CVE-2023-6971

The Backup Migration plugin for WordPress (versions 1.0.8–1.3.9) is affected by CVE-2023-6971 due to a Remote File Inclusion via the content-dir header, enabling unauthenticated code execution when PHP is configured with allow_url_include=-on. The issue is exploitable under specific PHP configura...

9.8CVSS9.7AI score0.06419EPSS
CVE
CVE
added 2021/11/19 6:19 p.m.54 views

CVE-2021-36884

The CVE-2021-36884 entry concerns the WordPress Backup Migration plugin for WordPress, affected in versions up to 1.1.5. Affected component is the plugin’s settings handling, where insufficient sanitisation/escaping allows an authenticated user to perform a persistent XSS attack (stored in the co...

5.4CVSS5.1AI score0.00552EPSS
CVE
CVE
added 2023/07/28 4:37 a.m.48 views

CVE-2023-3977

CVE-2023-3977 describes a Cross‑Site Request Forgery (CSRF) in multiple Inisev WordPress plugins, due to a missing nonce on the handle_installation function invoked by inisev_installation via AJAX. This enables unauthenticated attackers to trigger installation of plugins from a limited list if a ...

4.3CVSS4.7AI score0.00512EPSS