CVSS: 7.2EPSS: 97%CPEs: 1EXPL: 7CVE-2021-24155 – Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2021-24155
18 Feb 2021 — The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE. El plugin WordPress Backup and Migrate - Backup Guard WordPress antes de la versión 1.6.0 no garantizaba que los archivos importados tuvieran el formato y la extensión SGBP, lo que permitía a los usuarios con altos privilegios (admin+) subir archiv... • https://packetstorm.news/files/id/163382 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10837 – BackupGuard <= 1.1.46 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-10837
24 Aug 2017 — Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en BackupGuard en versiones anteriores a la 1.1.47 permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. • https://jvn.jp/en/jp/JVN58559719/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18488 – Backup Guard <= 1.1.46 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18488
11 Aug 2017 — The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues. El complemento Backup Guard versión anterior a 1.1.47 para WordPress tiene múltiples problemas XSS. • https://wordpress.org/plugins/backup/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •