cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-5551,https://securityvulnerability.io/vulnerability/CVE-2024-5551,Cross-Site Request Forgery Vulnerability in WordPress Backup Plugin,"The WP STAGING Pro WordPress Backup Plugin is affected by a Cross-Site Request Forgery vulnerability that allows unauthenticated attackers to exploit missing or incorrectly implemented nonce validation on the 'sub' parameter. This flaw enables attackers to manipulate site administrators into executing malicious requests, which can result in the exposure of local files ending in '-settings.php'. This vulnerability is present in all versions up to and including 5.6.0, posing significant risks for users relying on this backup solution.",Wordpress,WP Staging Pro WordPress Backup Plugin,8.8,HIGH,0.0005499999970197678,false,,false,false,false,,false,false,2024-06-14T05:39:14.293Z,0
CVE-2024-4469,https://securityvulnerability.io/vulnerability/CVE-2024-4469,SSRF Attacks in Multisite Configurations,"The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite configurations.",Wordpress,WP Staging WordPress Backup Plugin,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-05-31T06:00:02.266Z,0
CVE-2024-3412,https://securityvulnerability.io/vulnerability/CVE-2024-3412,Arbitrary File Upload Vulnerability in WP STAGING WordPress Backup Plugin,"The WP STAGING WordPress Backup Plugin – Migration Backup Restore is susceptible to arbitrary file upload vulnerabilities due to inadequate file type validation in the wpstg_processing AJAX action. This flaw affects all versions up to and including 3.4.3, allowing authenticated attackers with administrator-level access to upload unauthorized files to the server. Such actions could potentially lead to remote code execution, compromising the security of the affected WordPress site.",Wordpress,WP Staging WordPress Backup Plugin – Migration Backup Restore,9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-29T08:30:06.099Z,0
CVE-2024-2309,https://securityvulnerability.io/vulnerability/CVE-2024-2309,Unfiltered HTML Setting Vulnerability in WP STAGING WordPress Backup Plugin Could Lead to Stored Cross-Site Scripting Attacks,"The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,"WP Staging WordPress Backup Plugin,WP-staging-pro",,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-04-17T05:00:03.096Z,0
CVE-2023-7204,https://securityvulnerability.io/vulnerability/CVE-2023-7204,WP STAGING WordPress Backup Plugin < 3.2.0 - Unauthorized Sensitive Data Exposure,"The WP STAGING WordPress Backup plugin, prior to version 3.2.0, contains a security flaw that allows unauthorized access to cache files during the cloning process. This vulnerability poses a risk to data confidentiality, as sensitive information may be exposed to unauthorized parties. Users of this plugin are encouraged to update to the latest version to mitigate the risks associated with this vulnerability.",Wordpress,WP Staging WordPress Backup Plugin,7.5,HIGH,0.001290000043809414,false,,false,false,true,true,false,false,2024-01-29T14:44:21.464Z,0
CVE-2023-6113,https://securityvulnerability.io/vulnerability/CVE-2023-6113,"WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download","The WP STAGING WordPress Backup Plugin and its Pro version are susceptible to a critical vulnerability that allows unauthorized users to access ongoing backup processes. This exposure can lead to sensitive data being downloaded by unauthenticated attackers, posing significant risks to the information integrity of WordPress sites. Users of affected versions are strongly advised to update to the latest releases to mitigate these risks.",Wordpress,"WP STAGING WordPress Backup Plugin,WP STAGING Pro WordPress Backup Plugin",7.5,HIGH,0.001769999973475933,false,,false,false,true,true,false,false,2024-01-01T15:15:00.000Z,0