CVE-2024-31254 – WordPress WordPress Backup & Migration plugin <= 1.4.7 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-31254
Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration. This issue affects WordPress Backup & Migration: from n/a through 1.4.7. The WordPress Backup & Migration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via log files. This makes it possible for unauthenticated attackers to extract sensitive data from log files. • https://patchstack.com/database/vulnerability/wp-migration-duplicator/wordpress-wordpress-backup-migration-plugin-1-4-7-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-532: Insertion of Sensitive Information into Log File
CVE-2023-51681 – WordPress Duplicator Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-51681
Cross-Site Request Forgery (CSRF) vulnerability in Duplicator Duplicator – WordPress Migration & Backup Plugin. This issue affects Duplicator – WordPress Migration & Backup Plugin: from n/a through 1.5.7. The Duplicator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation in the views/tools/diagnostics/information.php file. • https://patchstack.com/database/vulnerability/duplicator/wordpress-duplicator-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-49835 – Post Duplicator <= 2.31 - Missing Authorization via mtphr_duplicate_post
https://notcve.org/view.php?id=CVE-2023-49835
The Post Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mtphr_duplicate_post function in versions up to, and including, 2.31. This makes it possible for authenticated attackers, with contributor-level access and above, to publish posts upon duplication. • CWE-862: Missing Authorization
CVE-2023-45636 – WordPress Backup & Migration <= 1.4.1 - Missing Authorization to Settings and Schedule Modification
https://notcve.org/view.php?id=CVE-2023-45636
The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_save_settings and save_schedule functions in versions up to, and including, 1.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify plugin settings or the cron schedule. • CWE-862: Missing Authorization
CVE-2023-31214 – WP Quick Post Duplicator <= 2.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-31214
The WP Quick Post Duplicator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the apj_duplicate_post_as_a_draft() function in versions up to, and including, 2.0. This makes it possible for authenticated attackers, with contributor-level access and above, to duplicate arbitrary posts that may have protected content. • CWE-862: Missing Authorization