WordPress Plugin Vulnerabilities

BackupBuddy < 8.8.3 - Multiple Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting

Proof of Concept

Affects Plugins

Plugin icon
backupbuddy
Fixed in 8.8.3

References

CVE
CVE-2022-4897

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.5 (high)

Miscellaneous

Original Researcher
WPScan
Verified
Yes
WPVDB ID
7b0eeafe-b9bc-43b2-8487-a23d3960f73f

Timeline

Publicly Published
2023-01-30 (about 2 years ago)
Added
2023-01-30 (about 2 years ago)
Last Updated
2023-01-30 (about 2 years ago)

Other

Published
Title
Published
2023-08-17
Title
GD Security Headers < 1.7 - Reflected XSS
Published
2013-08-05
Title
Chat <= 1.0.8 - Cross-Site Scripting (XSS) in 'message' Parameter
Published
2023-10-16
Title
Contact Form Builder, Contact Widget <= 2.1.7 - Reflected XSS
Published
2023-05-17
Title
Waiting: One-click countdowns <= 0.6.2 - Subscriber+ Stored XSS
Published
2021-08-30
Title
TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting