6 results (0.009 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting The BackupBuddy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting several parameters in versions up to, and including, 8.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/7b0eeafe-b9bc-43b2-8487-a23d3960f73f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 0

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1. The BackupBuddy plugin for WordPress is vulnerable to unauthenticated arbitrary file downloads via the 'local-download' found in the backupbuddy_local_download() function in versions 8.5.8.0 to 8.7.4.1. This is due to a missing capability check and nonce check on the affected function that is called via an admin_init hook along with insufficient file path validation on the supplied download file. This makes is possible for unauthenticated attackers to supply the complete path to a file, or use directory traversal techniques, to read any file hosted on the server. This includes sensitive files such as /etc/passwd and /wp-config.php. • https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy https://patchstack.com/database/vulnerability/backupbuddy/wordpress-backup-buddy-plugin-8-5-8-0-8-7-4-1-unauthenticated-path-traversal-arbitrary-file-download-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-73: External Control of File Name or Path •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 2

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive information, or overwrite or delete files, via vectors involving a (1) direct request, (2) step=1 request, (3) step=2 or step=3 request, or (4) step=7 request. importbuddy.php en el complemento BackupBuddy v1.3.4, v2.1.4, v2.2.25, v2.2.28, y v2.2.4 para WordPress no requiere autenticación, lo que permite a atacantes remotos obtener información o sobreescribir o borrar ficheros, a través de vectores (1) petición directa, (2) step=1 petición, (3) step=2 o step=3 peticiónt, o (4) step=7 petición. • http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html http://packetstormsecurity.com/files/120923 • CWE-287: Improper Authentication •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 2

importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function. importbuddy.php en el plugin para WordPress BackupBuddy v2.2.25 permite a atacantes remotos obtener información de configuración a través de una acción "step 0 phpinfo", que llama a la función phpinfo. The BackupBuddy plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.2.28 via a step 0 phpinfo action, which calls the phpinfo function. This can allow remote attackers to extract configuration information. • http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html http://packetstormsecurity.com/files/120923 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 2

importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote attackers to obtain access via subsequent requests to this script. importbuddy.php en el plugin de BackupBuddy v1.3.4, v2.1.4, v2.2.25, v2.2.28 y v2.2.4 para WordPress no es fiable queda eliminado tras completar una operación de restauración, lo que hace que sea más fácil para los atacantes remotos obtener acceso a través de las solicitudes posteriores a este script. • http://archives.neohapsis.com/archives/fulldisclosure/2013-03/0205.html http://packetstormsecurity.com/files/120923 • CWE-287: Improper Authentication •