Lucene search
K
BackupblissClone

5 matches found

CVE
CVE
added 2024/01/08 7:0 p.m.69 views

CVE-2023-6750

CVE-2023-6750 affects the Clone WordPress backup plugin prior to 2.4.3. Root cause: it stores in-progress backup information in buffer files at a publicly accessible, hard-coded path, enabling unauthenticated access. Impact (per available sources): exposure of backup data via unauthenticated acce...

7.5CVSS7.6AI score0.01961EPSS
CVE
CVE
added 2023/07/28 4:37 a.m.66 views

CVE-2023-0958

CVE-2023-0958 affects WordPress plugins developed by Inisev that expose an inisev_installation AJAX action. The root cause is a missing capability check in the handle_installation function, enabling an authenticated attacker with minimal privileges (e.g., a subscriber) to install select Inisev pl...

6.5CVSS6.4AI score0.00557EPSS
CVE
CVE
added 2024/11/01 2:17 p.m.54 views

CVE-2024-43298

CVE-2024-43298 pertains to the WordPress plugin “Clone” (WP Clone by WP Academy). Connected documents confirm a Missing Authorization / Broken Access Control vulnerability in Clone versions n/a through 2.4.5. The CVSS data from NVD indicates high impact (C, I, A high) with network attack vector a...

8.8CVSS5.7AI score0.0044EPSS
CVE
CVE
added 2024/11/01 2:17 p.m.53 views

CVE-2024-43297

CVE-2024-43297 : The Red Hat/WordPress vulnerability description indicates a Missing Authorization (Broken Access Control) flaw in the WordPress Clone plugin up to version 2.4.5, allowing unauthorized access due to misconfigured access control. The description does not specify an affected vendor/...

8.8CVSS5.7AI score0.0044EPSS
CVE
CVE
added 2023/07/28 4:37 a.m.47 views

CVE-2023-3977

CVE-2023-3977 describes a Cross‑Site Request Forgery (CSRF) in multiple Inisev WordPress plugins, due to a missing nonce on the handle_installation function invoked by inisev_installation via AJAX. This enables unauthenticated attackers to trigger installation of plugins from a limited list if a ...

4.3CVSS4.7AI score0.00512EPSS