Vulnerabilities and security researches forcyan-backup cyan-backup

Nov 15, 2024

CVE, Research URL: CVE-2024-52390
Home page URL: Security reports for CYAN Backup
Application: CYAN Backup
Date: Nov 19, 2024
Research Description: : Path Traversal: '.../...//' vulnerability in CYAN Backup allows Path Traversal.This issue affects CYAN Backup: from n/a through 2.5.3.
Affected versions: Min -, max -.
Status: vulnerable

May 19, 2025

CVE, Research URL: CVE-2024-9662
Home page URL: Security reports for CYAN Backup
Application: CYAN Backup
Date: May 16, 2025
Research Description: The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-9663
Home page URL: Security reports for CYAN Backup
Application: CYAN Backup
Date: May 16, 2025
Research Description: The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max -.
Status: vulnerable