Skip to main content

Backup And Migration

3 CVEs product

Monthly

CVE-2024-31254 LOW Monitor

Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration.4.7. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Information Disclosure Backup And Migration
NVD
CVSS 3.1
3.7
EPSS
1.0%
CVE-2023-5738 MEDIUM POC This Month

The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Backup And Migration
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5737 MEDIUM POC This Month

The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Backup And Migration
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
EPSS 1% CVSS 3.7
LOW Monitor

Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration.4.7. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress Information Disclosure Backup And Migration
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Backup And Migration
NVD WPScan
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Backup And Migration
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy