Backupbliss

Backup Migration

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2023-6266

  • EPSS 0.7%
  • Veröffentlicht 11.01.2024 09:15:48
  • Zuletzt bearbeitet 21.11.2024 08:43:29

The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it p...

7.5

CVE-2023-6271

Exploit
  • EPSS 0.39%
  • Veröffentlicht 01.01.2024 15:15:43
  • Zuletzt bearbeitet 11.06.2025 17:15:38

The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups.

9.8

CVE-2023-6971

  • EPSS 9.06%
  • Veröffentlicht 23.12.2023 02:15:45
  • Zuletzt bearbeitet 21.11.2024 08:44:57

The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in co...

9.8

CVE-2023-6972

  • EPSS 3.77%
  • Veröffentlicht 23.12.2023 02:15:45
  • Zuletzt bearbeitet 21.11.2024 08:44:57

The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes ...

7.2

CVE-2023-7002

Exploit
  • EPSS 23.15%
  • Veröffentlicht 23.12.2023 02:15:45
  • Zuletzt bearbeitet 21.11.2024 08:45:00

The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, t...

9.8

CVE-2023-6553

  • EPSS 93.09%
  • Veröffentlicht 15.12.2023 11:15:47
  • Zuletzt bearbeitet 21.11.2024 08:44:05

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, an...

4.3

CVE-2023-3977

Exploit
  • EPSS 0.45%
  • Veröffentlicht 28.07.2023 05:15:11
  • Zuletzt bearbeitet 03.04.2025 12:44:20

Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in va...

6.5

CVE-2023-0958

  • EPSS 0.22%
  • Veröffentlicht 28.07.2023 05:15:09
  • Zuletzt bearbeitet 03.04.2025 12:44:20

Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This make...

5.4

CVE-2021-36884

  • EPSS 0.22%
  • Veröffentlicht 19.11.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:14:14

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions.