Jetbackup: >> Jetbackup >> 1.4.1 Security Vulnerabilities
The JetBackup WordPress plugin before 2.0.9.9 doesn't use index files to prevent public directory listing of sensitive directories in certain configurations, which allows malicious actors to leak backup files.
CVSS Score
7.5
EPSS Score
0.006
Published
2024-02-27
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JetBackup JetBackup – WP Backup, Migrate & Restore plugin <= 1.6.9.0 versions.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-03-15
The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-03-07