CVE-2021-24994

Summary

The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue

Affected Software

VendorProductVersion RangeStatus
UnknownMigration, Backup, Staging – WPvivid Backup and Migration Plugin0.9.69 < 0.9.69affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References