Keep Backup Daily
Approved changes feed: RSS · Atom
cpe:2.3:a:fahadmahmood:keep_backup_daily:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Fahadmahmood (598523eb-f5ef-5682-b133-d9190b3254ad) |
|---|---|
| Product | Keep Backup Daily (ebf8bb12-d3e5-59b5-859b-6159ef19002b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-3577 |
vulnerable | 2026-06-08 08:01:18.991658 |
Keep Backup Daily <= 2.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Backup Title
MEDIUM (4.4)
The Keep Backup Daily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the backup title alias (`val` parameter) in the `update_kbd_bkup_alias` AJAX action in all versions up to, and including, 2.1.2. This is due to insufficient input sanitization and output escaping. While `sanitize_text_field()` strips HTML tags on save, it does not encode double quotes. The backup titles are output in HTML attribute contexts without `esc_attr()`. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts via attribute injection that will execute whenever another administrator views the backup list page.
Published: 2026-03-20T23:25:11.059Z
Updated: 2026-04-08T16:37:40.746Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-3339 |
vulnerable | 2026-06-08 08:01:18.423149 |
Keep Backup Daily <= 2.1.1 - Authenticated (Admin+) Limited Path Traversal via 'kbd_path' Parameter
LOW (2.7)
The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the `kbd_open_upload_dir` AJAX action. This is due to insufficient validation of the `kbd_path` parameter, which is only sanitized with `sanitize_text_field()` - a function that does not strip path traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to list the contents of arbitrary directories on the server outside of the intended uploads directory.
Published: 2026-03-20T23:25:09.949Z
Updated: 2026-04-08T16:32:34.130Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1820 |
vulnerable | 2026-06-08 05:39:13.992168 |
Keep Backup Daily <= 2.0.2 - Reflected Cross-Site Scripting
MEDIUM (6.1)
The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘t’ parameter in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2022-06-13T13:09:38.000Z
Updated: 2026-04-08T17:04:50.002Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.