CVE-2023-5505
- EPSS 0.56%
- Veröffentlicht 17.08.2024 09:15:07
- Zuletzt bearbeitet 10.04.2025 20:50:45
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the job-specific backup folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they c...
CVE-2023-7164
- EPSS 34.17%
- Veröffentlicht 08.04.2024 18:15:08
- Zuletzt bearbeitet 11.04.2025 12:53:18
The BackWPup WordPress plugin before 4.0.4 does not prevent Directory Listing in its temporary backup folder, allowing unauthenticated attackers to download backups of a site's database.
CVE-2023-5775
- EPSS 0.16%
- Veröffentlicht 26.02.2024 16:27:49
- Zuletzt bearbeitet 05.02.2025 21:31:23
The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it ...
CVE-2023-5504
- EPSS 0.53%
- Veröffentlicht 11.01.2024 09:15:47
- Zuletzt bearbeitet 21.11.2024 08:41:54
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be writt...
CVE-2017-2551
- EPSS 0.58%
- Veröffentlicht 28.09.2017 01:29:02
- Zuletzt bearbeitet 20.04.2025 01:37:25
Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download.