13 Total Results
Displaying 1-10 of 13
Attacker Value
Unknown
CVE-2024-8856
Disclosure Date: November 16, 2024 (last updated January 05, 2025)
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
0
Attacker Value
Unknown
CVE-2024-49684
Disclosure Date: October 23, 2024 (last updated October 24, 2024)
Deserialization of Untrusted Data vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Object Injection. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.21.
0
Attacker Value
Unknown
CVE-2024-48020
Disclosure Date: October 11, 2024 (last updated October 12, 2024)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Revmakx Backup and Staging by WP Time Capsule allows SQL Injection. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.21.
0
Attacker Value
Unknown
CVE-2024-38770
Disclosure Date: August 01, 2024 (last updated August 02, 2024)
Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20.
0
Attacker Value
Unknown
CVE-2024-5551
Disclosure Date: June 14, 2024 (last updated August 08, 2024)
The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup Duplicator & Migration plugin. This makes it possible for unauthenticated attackers to include any local files that end in '-settings.php' via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
0
Attacker Value
Unknown
CVE-2024-4469
Disclosure Date: May 31, 2024 (last updated May 31, 2024)
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from conducting SSRF attacks, which may be a problem in multisite configurations.
0
Attacker Value
Unknown
CVE-2024-3412
Disclosure Date: May 29, 2024 (last updated January 05, 2025)
The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
0
Attacker Value
Unknown
CVE-2024-3682
Disclosure Date: April 26, 2024 (last updated April 26, 2024)
The WP STAGING and WP STAGING Pro plugins for WordPress are vulnerable to Sensitive Information Exposure in versions up to, and including, 3.4.3, and versions up to, and including, 5.4.3, respectively, via the ajaxSendReport function. This makes it possible for unauthenticated attackers to extract sensitive data from a log file, including system information and (in the Pro version) license keys. Successful exploitation requires an administrator to have used the 'Contact Us' functionality along with the "Enable this option to automatically submit the log files." option.
0
Attacker Value
Unknown
CVE-2024-2309
Disclosure Date: April 17, 2024 (last updated April 17, 2024)
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0 and the wp-staging-pro WordPress plugin before 5.4.0 do not sanitise and escape some of their settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
0
Attacker Value
Unknown
CVE-2023-7204
Disclosure Date: January 29, 2024 (last updated February 06, 2024)
The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides
0