2 matches found
CVE-2021-24173
CVE-2021-24173 affects the VM Backups WordPress plugin (versions up to 1.0). The vulnerability arises from missing CSRF checks, enabling a logged-in attacker to perform unwanted actions (e.g., updating plugin options) that can lead to Stored Cross-Site Scripting. The available connected sources c...
CVE-2021-24172
The CVE-2021-24172 entry applies to the WordPress VM Backups plugin (versions up to 1.0). The underlying issue is missing CSRF checks in the plugin, which could allow an authenticated attacker to induce a logged-in user to perform actions such as generating backups of the database, plugins, and c...