cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3034,https://securityvulnerability.io/vulnerability/CVE-2024-3034,BackUpWordPress Plugin Vulnerable to Directory Traversal,"The BackUpWordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.13 via the hmbkp_directory_browse parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to traverse directories outside of the context in which the plugin should allow.",Wordpress,BackupWordPress,2.7,LOW,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-27T04:33:28.612Z,0
CVE-2022-4931,https://securityvulnerability.io/vulnerability/CVE-2022-4931,Information Disclosure Vulnerability in BackupWordPress Plugin by WordPress,"The BackupWordPress plugin for WordPress is susceptible to an information disclosure vulnerability due to inadequate authorization checks within the heartbeat_received() function. This function, which activates during the WordPress heartbeat process, allows authenticated users with subscriber-level permissions and higher to access sensitive backup paths. These paths can be exploited to download backups, potentially compromising sensitive data.",Wordpress,BackupWordPress,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2023-03-07T14:43:32.933Z,0
CVE-2007-5800,https://securityvulnerability.io/vulnerability/CVE-2007-5800,,"Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/.",Wordpress,BackupWordPress Plugin,,,0.10197000205516815,false,,false,false,false,,false,false,2007-11-03T00:00:00.000Z,0