cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9290,https://securityvulnerability.io/vulnerability/CVE-2024-9290,Arbitrary File Upload Vulnerability in Super Backup & Clone - Migrate for WordPress,"CVE-2024-9290 highlights a critical vulnerability within the Super Backup & Clone - Migrate for WordPress plugin. The flaw arises from inadequate file type validation and a lack of capability checks in the ibk_restore_migrate_check() function. This vulnerability affects all versions up to and including 2.3.3, allowing unauthenticated attackers to upload arbitrary files to the server hosting the affected WordPress site. If successfully exploited, this may lead to remote code execution, significantly compromising the security of the site. Site administrators are highly advised to take immediate action to mitigate this risk.",Wordpress,Super Backup & Clone - Migrate For WordPress,9.8,CRITICAL,0.000910000002477318,false,,false,false,true,true,false,false,2024-12-13T09:27:28.638Z,331
CVE-2024-10913,https://securityvulnerability.io/vulnerability/CVE-2024-10913,Unauthenticated PHP Object Injection Vulnerability in WordPress Clone Plugin,"The WP Clone plugin for WordPress has a vulnerability that enables PHP Object Injection through deserialization of untrusted input in the 'recursive_unserialized_replace' function. This issue exists in all versions up to and including 2.4.6, allowing unauthenticated attackers to potentially inject malicious PHP Objects. While no known PHP Object Protocol (POP) chain exists within the plugin itself, the presence of additional plugins or themes may allow for significant threats, such as the ability to delete arbitrary files, obtain sensitive data, or execute arbitrary code.",Wordpress,Clone,8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-20T13:55:12.878Z,0
CVE-2024-5942,https://securityvulnerability.io/vulnerability/CVE-2024-5942,Vulnerability in Page and Post Clone Plugin Allows Authenticated Attackers to Clone and Read Private Posts,"The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.0 via the 'content_clone' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to clone and read private posts.",Wordpress,Page And Post Clone,5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-06-29T04:33:27.112Z,0
CVE-2024-2294,https://securityvulnerability.io/vulnerability/CVE-2024-2294,Arbitrary File Access Vulnerability in Backuply Plugin for WordPress,"The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers with an account that has only the activate_plugins capability to access arbitrary files on the server, which can contain sensitive information. This only impacts sites hosted on Windows servers.",Wordpress,"Backuply – Backup, Restore, Migrate And Clone",4.9,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-16T01:55:44.198Z,0
CVE-2024-0842,https://securityvulnerability.io/vulnerability/CVE-2024-0842,Backuply Plugin Vulnerable to Denial of Service Attacks,"The Backuply plugin for WordPress, designed for backup and migration tasks, exhibits a vulnerability that allows unauthenticated attackers to exploit the backuply/restore_ins.php file. This vulnerability enables attackers to send excessive requests to the server, potentially leading to resource depletion and service disruption. All versions up to and including 1.2.5 are affected, underscoring the need for immediate action to secure user environments and mitigate potential risks associated with this vulnerability.",Wordpress,"Backuply – Backup, Restore, Migrate And Clone",7.5,HIGH,0.0005499999970197678,false,,false,false,false,,false,false,2024-02-09T04:31:54.615Z,0
CVE-2024-0697,https://securityvulnerability.io/vulnerability/CVE-2024-0697,Directory Traversal Vulnerability in Backuply Plugin for WordPress,"The Backuply plugin for WordPress is exposed to a Directory Traversal vulnerability due to a flaw in the backuply_get_jstree function, specifically via the node_id parameter. This allows users with administrator privileges to access and read sensitive files on the server, which could lead to unauthorized disclosure of personal or confidential data. This issue affects all versions up to and including 1.2.3, prompting the need for immediate attention and patching.",Wordpress,"Backuply – Backup, Restore, Migrate and Clone",4.9,MEDIUM,0.0006200000061653554,false,,false,false,false,,false,false,2024-01-27T04:31:29.644Z,0
CVE-2023-6750,https://securityvulnerability.io/vulnerability/CVE-2023-6750,Buffer Storage Vulnerability in Clone WordPress Plugin Affects Website Security,"The Clone WordPress plugin versions prior to 2.4.3 contain a vulnerability that results from the use of buffer files for storing in-progress backup information. These files are saved at a publicly accessible and statically defined file path, severely compromising website security and potentially exposing sensitive data to unauthorized users.",Wordpress,Clone,7.5,HIGH,0.001550000044517219,false,,false,false,false,,false,false,2024-01-08T19:15:00.000Z,0
CVE-2023-52185,https://securityvulnerability.io/vulnerability/CVE-2023-52185,WordPress Everest Backup Plugin <= 2.1.9 is vulnerable to Sensitive Data Exposure,"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin. This issue affects Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin: from n/a through 2.1.9.",Wordpress,"Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin",5.3,MEDIUM,0.0011099999537691474,false,,false,false,false,,false,false,2023-12-31T17:15:00.000Z,0
CVE-2023-3977,https://securityvulnerability.io/vulnerability/CVE-2023-3977,Cross-Site Request Forgery Vulnerability in Inisev WordPress Plugins,"Multiple Inisev plugins for WordPress are susceptible to Cross-Site Request Forgery attacks due to a missing nonce verification in the handle_installation function. This vulnerability enables unauthorized attackers to force plugin installations by tricking an admin into clicking a malicious link, thus executing forged requests. Affected plugins include Feedburner Alternative and RSS Redirect, Ultimate Social Media Icons, and several others. It is crucial for site administrators to be vigilant about potential social engineering tactics that exploit this flaw.",Wordpress,"SSL Mixed Content Fix,Duplicate Post,Social Share Icons & Social Share Buttons,Ultimate Posts Widget,Backup Migration,Pop-up,Redirection,Clone,Social Media Share Buttons & Social Sharing Icons,RSS Redirect & Feedburner Alternative,Enhanced Text Widget",4.3,MEDIUM,0.001829999964684248,false,,false,false,false,,false,false,2023-07-28T05:15:00.000Z,0
CVE-2023-0958,https://securityvulnerability.io/vulnerability/CVE-2023-0958,Unauthorized Plugin Installation in WordPress Plugins by Inisev,"Multiple WordPress plugins developed by Inisev are susceptible to a critical weakness that permits authenticated users, even those with minimal permissions, such as subscribers, to install specific plugins without proper authorization. This arises from a lack of capability verification in the function handling plugin installations, leading to potential exploitation and unauthorized control over affected sites. It is crucial for users of these plugins to take immediate action to secure their installations and prevent unwanted access.",Wordpress,"Ssl Mixed Content Fix,Duplicate Post,Social Share Icons & Social Share Buttons,Ultimate Posts Widget,Backup Migration,Pop-up,Redirection,Clone,Social Media Share Buttons & Social Sharing Icons,Rss Redirect & Feedburner Alternative,Enhanced Text Widget",4.3,MEDIUM,0.001449999981559813,false,,false,false,false,,false,false,2023-07-28T05:15:00.000Z,0
CVE-2021-24733,https://securityvulnerability.io/vulnerability/CVE-2021-24733,WP Post Page Clone < 1.2 - Unauthorised Post Access,The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally.,Wordpress,WP Post Page Clone,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-01-24T08:00:49.000Z,0