cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-43268,https://securityvulnerability.io/vulnerability/CVE-2024-43268,WordPress Backup and Restore WordPress plugin <= 1.50 - Broken Access Control vulnerability,"Access Control vulnerability in WPBackItUp Backup and Restore WordPress allows . This issue affects Backup and Restore WordPress: from n/a through 1.50.",Wordpress,Backup And Restore WordPress,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-01T14:17:34.449Z,0
CVE-2024-43270,https://securityvulnerability.io/vulnerability/CVE-2024-43270,WordPress Backup and Restore WordPress plugin <= 1.50 - Unauthenticated Broken Access Control vulnerability,Missing Authorization vulnerability in WPBackItUp Backup and Restore WordPress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Backup and Restore WordPress: from n/a through 1.50.,Wordpress,Backup And Restore WordPress,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-01T14:17:33.842Z,0
CVE-2024-43269,https://securityvulnerability.io/vulnerability/CVE-2024-43269,CSRF Vulnerability Affects WPBackItUp Backup and Restore WordPress,Cross-Site Request Forgery (CSRF) vulnerability in WPBackItUp Backup and Restore WordPress. This issue affects Backup and Restore WordPress: from n/a through 1.50.,Wordpress,Backup And Restore WordPress,4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-08-26T21:15:00.000Z,0
CVE-2023-5505,https://securityvulnerability.io/vulnerability/CVE-2023-5505,BackWPup Plugin Vulnerable to Directory Traversal,"The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site.",Wordpress,BackWPup – WordPress Backup & Restore Plugin,6.8,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2024-08-17T08:37:24.102Z,0
CVE-2024-3412,https://securityvulnerability.io/vulnerability/CVE-2024-3412,Arbitrary File Upload Vulnerability in WP STAGING WordPress Backup Plugin,"The WP STAGING WordPress Backup Plugin – Migration Backup Restore is susceptible to arbitrary file upload vulnerabilities due to inadequate file type validation in the wpstg_processing AJAX action. This flaw affects all versions up to and including 3.4.3, allowing authenticated attackers with administrator-level access to upload unauthorized files to the server. Such actions could potentially lead to remote code execution, compromising the security of the affected WordPress site.",Wordpress,WP Staging WordPress Backup Plugin – Migration Backup Restore,9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-29T08:30:06.099Z,0
CVE-2023-7232,https://securityvulnerability.io/vulnerability/CVE-2023-7232,Unauthenticated Access to Sensitive Log Data in Backup and Restore WordPress Plugin,"The Backup and Restore WordPress WordPress plugin through 1.45 does not protect some log files containing sensitive information such as site configuration etc, allowing unauthenticated users to access such data",Wordpress,Backup And Restore WordPress,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-03-26T05:00:02.063Z,0
CVE-2023-52185,https://securityvulnerability.io/vulnerability/CVE-2023-52185,WordPress Everest Backup Plugin <= 2.1.9 is vulnerable to Sensitive Data Exposure,"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin. This issue affects Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin: from n/a through 2.1.9.",Wordpress,"Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin",5.3,MEDIUM,0.0011099999537691474,false,,false,false,false,,false,false,2023-12-31T17:15:00.000Z,0
CVE-2022-4932,https://securityvulnerability.io/vulnerability/CVE-2022-4932,Information Disclosure Vulnerability in Total Upkeep Plugin for WordPress,"The Total Upkeep plugin for WordPress is susceptible to an information disclosure vulnerability that allows authenticated attackers, with subscriber-level permissions or higher, to access sensitive backup paths. This issue arises from insufficient authorization in the heartbeat_received() function, triggered by WordPress heartbeats. Exploiting this vulnerability could enable attackers to download critical backup files, potentially compromising the integrity and confidentiality of the site's data.",Wordpress,Total Upkeep – WordPress Backup Plugin Plus Restore & Migrate By Boldgrid,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2023-03-07T14:47:47.177Z,0
CVE-2022-0444,https://securityvulnerability.io/vulnerability/CVE-2022-0444,XCloner < 4.3.6 - Plugin Settings Reset,"The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key.",Wordpress,"Backup, Restore and Migrate WordPress Sites With the XCloner Plugin",4.3,MEDIUM,0.0009399999980814755,false,,false,false,false,,false,false,2022-06-27T08:55:47.000Z,0