Wadeek

**Name of the Vulnerable Software and Affected Versions** Backup Migration version 1.2.8 **Description** An information disclosure issue allows unauthenticated attackers to download complete database backups by accessing predictable file paths. Attackers can enumerate backup directories via configuration files and complete logs to construct direct download URLs and retrieve sensitive backup archives containing full database dumps. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax EW-7438RPn-v3 Mini version 1.27 **Description** The Edimax EW-7438RPn-v3 Mini device version 1.27 contains a remote code execution issue. Unauthenticated attackers can execute arbitrary commands by sending specially crafted POST requests to the `/goform/mp` API endpoint. Exploitation involves command injection payloads that allow downloading and executing malicious scripts on the device. The `POST` request to the `/goform/mp` endpoint is the attack vector. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax EW-7438RPn-v3 Mini version 1.27 **Description** The Edimax EW-7438RPn-v3 Mini device version 1.27 is susceptible to a cross-site request forgery (CSRF) issue. Successful exploitation allows an attacker to execute commands on the device with the privileges of an authenticated user. This is achieved by tricking a user into submitting a specially crafted form to the `/goform/mp` API endpoint. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Edimax EW-7438RPn-v3 Mini version 1.27 **Description** The Edimax EW-7438RPn-v3 Mini version 1.27 allows unauthenticated attackers to access the `/wizard reboot.asp` API endpoint in unsetup mode. This access discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless password by sending a GET request to this endpoint, exposing sensitive information without authentication. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid versions through 1.14.9 **Description:** The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is susceptible to sensitive information exposure through the `env-info.php` and `restore-info.json` files. This allows unauthenticated attackers to discover the location of backup files and download them. **Recommendations:** Update Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid to a version later than 1.14.9.

Name of the Vulnerable Software and Affected Versions: WordPress Total Upkeep plugin versions prior to 1.14.10 Description: An unauthenticated information disclosure issue exists, allowing unauthenticated users to retrieve detailed server configuration and discover backup metadata. The exposed endpoints include "env-info.php" and "restore-info.json", which can disclose the absolute filesystem path of the latest backup. This path can be converted into a web-accessible URL, allowing attackers to download the backup. The database archive may contain credential hashes, facilitating offline password cracking or credential stuffing attacks. Recommendations: For versions prior to 1.14.10, update to version 1.14.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the "env-info.php" and "restore-info.json" endpoints to prevent unauthenticated users from retrieving sensitive information.