CVE-2013-4626 – BackWPup < 3.0.13 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-4626
Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php. Vulnerabilidad XSS en el plugin BackWPup anterior a v3.0.13 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través del parámetro "tab" a wp-admin/admin.php. WordPress BackWPup plugin version 3.0.12 suffers from a cross site scripting vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2013-08/0127.html http://secunia.com/advisories/54515 http://wordpress.org/plugins/backwpup/changelog http://www.securityfocus.com/bid/61904 https://www.htbridge.com/advisory/HTB23161 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •