Cross-Site Scripting Vulnerability in BackWPup Plugin for WordPress
CVE-2013-4626

Currently unrated

Key Information:

Vendor: Wordpress
Status: BackWPup Plugin
Vendor: CVE Published:; 26 September 2013

Summary

The BackWPup plugin for WordPress is susceptible to a Cross-Site Scripting (XSS) vulnerability prior to version 3.0.13. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML into the application via the 'tab' parameter on the wp-admin/admin.php page. This exploit can lead to unauthorized actions performed on behalf of users, potentially compromising the security of the affected WordPress sites.

References

http://wordpress.org/plugins/backwpup/changelog

x_refsource_CONFIRM

http://www.securityfocus.com/bid/61904

vdb-entryx_refsource_BID

http://secunia.com/advisories/54515

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 26, 2013