CVE-2024-3546
- EPSS 0.31%
- Veröffentlicht 02.05.2024 17:15:26
- Zuletzt bearbeitet 21.11.2024 09:29:50
The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wp_mgdp_populate_popup function in all versions up to, and including, 1.4.8. This makes it possible for authen...
CVE-2024-31254
- EPSS 0.96%
- Veröffentlicht 10.04.2024 16:15:13
- Zuletzt bearbeitet 08.04.2025 16:37:46
Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.7.
CVE-2023-5737
- EPSS 0.07%
- Veröffentlicht 27.11.2023 17:15:09
- Zuletzt bearbeitet 21.11.2024 08:42:23
The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings.
CVE-2023-5738
- EPSS 0.11%
- Veröffentlicht 27.11.2023 17:15:09
- Zuletzt bearbeitet 21.11.2024 08:42:23
The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.