3 results (0.015 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.7. The WordPress Backup & Migration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via log files. This makes it possible for unauthenticated attackers to extract sensitive data from log files. • https://patchstack.com/database/vulnerability/wp-migration-duplicator/wordpress-wordpress-backup-migration-plugin-1-4-7-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_save_settings and save_schedule functions in versions up to, and including, 1.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify plugin settings or the cron schedule. • CWE-862: Missing Authorization •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The WordPress Backup & Migration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wt_delete_schedule' AJAX function in versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the migration schedule cron. • CWE-862: Missing Authorization •