VYPR

Backup Backup

by WordPress

Source repositories

CVEs (9)

  • CVE-2024-10932HigJan 4, 2025
    risk 0.57cvss 8.8epss 0.01

    The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a…

  • CVE-2025-14944MedApr 7, 2026
    risk 0.34cvss 5.3epss 0.01

    The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0. This is due to a missing capability check on the 'initializeOfflineAjax' function and lack of proper nonce verification. The endpoint only validates…

  • CVE-2024-32686MedApr 18, 2024
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in Inisev Backup Migration.This issue affects Backup Migration: from n/a through 1.4.3.

  • CVE-2026-4853MedApr 17, 2026
    risk 0.32cvss 4.9epss 0.01

    The JetBackup – Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary Directory Deletion in versions up to and including 3.1.19.8. This is due to insufficient input validation on the fileName parameter in the file upload handler.…

  • CVE-2023-3977MedJul 28, 2023
    risk 0.21cvss 4.3epss 0.01

    Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it…

  • CVE-2023-0958MedJul 28, 2023
    risk 0.21cvss 4.3epss 0.01

    Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for…

  • CVE-2024-9663May 15, 2025
    risk 0.00cvss epss 0.00

    The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…

  • CVE-2024-9662May 15, 2025
    risk 0.00cvss epss 0.00

    The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…

  • CVE-2023-5737Nov 27, 2023
    risk 0.00cvss epss 0.00

    The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings.