Vulnerabilities and security research for cyan-backup
Dec 11, 2025
CYAN Backup # CVE-2025-12092
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 08, 2025
- Research Description
- The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
- Affected versions
- max 2.5.5.
- Status
- vulnerable
May 19, 2025
CYAN Backup # CVE-2024-9662
- CVE, Research URL
- Home page URL
- Application
- Date
- May 16, 2025
- Research Description
- The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions
- max 2.5.3.
- Status
- vulnerable
CYAN Backup # CVE-2024-9663
- CVE, Research URL
- Home page URL
- Application
- Date
- May 16, 2025
- Research Description
- The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions
- max 2.5.3.
- Status
- vulnerable
Nov 15, 2024
CYAN Backup # CVE-2024-52390
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 19, 2024
- Research Description
- Path Traversal: '.../...//' vulnerability in CYAN Backup allows Path Traversal. This issue affects CYAN Backup: from n/a through 2.5.3.
- Affected versions
- max 2.5.4.
- Status
- vulnerable