Vulnerabilities and security researches forbackup-bolt backup-bolt

Jun 10, 2024

CVE, Research URL: CVE-2023-7236
Home page URL: Security reports for Backup Bolt
Application: Backup Bolt
Date: Mar 19, 2024
Research Description: The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information.
Affected versions: Min -, max -.
Status: vulnerable

Jun 11, 2024

CVE, Research URL: bc0c1fa51c016cd29c9a4fcba7b97da23cfc4c93
Home page URL: Security reports for Backup Bolt
Application: Backup Bolt
Date: Jul 18, 2023
Research Description: Backup Bolt [backup-bolt] < 1.2.0 WordPress Backup Bolt Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS) Update the WordPress Backup Bolt plugin to the latest available version (at least 1.2.0). Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Backup Bolt Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.2.0.
Affected versions: Min -, max -.
Status: vulnerable