Lucene search
+L

CVE-2022-0633

🗓️ 17 Feb 2022 18:45:11Reported by WPScanType 
cve
 cve
🔗 web.nvd.nist.gov👁 221 Views🌐 WEB

The UpdraftPlus WordPress plugin Free/Premium before 1.22.3/2.22.3 allows unauthorized backup downloa

Related
Detection
Affected
Refs
Paths
NVD
Vulners
Node
OR
updraftplusupdraftplusRange<1.22.3freewordpress
updraftplusupdraftplusRange<2.22.3premiumwordpress
[
  {
    "product": "UpdraftPlus WordPress Backup Plugin (Free)",
    "vendor": "UpdraftPlus",
    "versions": [
      {
        "lessThan": "1.22.3",
        "status": "affected",
        "version": "1.22.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "UpdraftPlus WordPress Backup Plugin (Premium)",
    "vendor": "UpdraftPlus",
    "versions": [
      {
        "lessThan": "2.22.3",
        "status": "affected",
        "version": "2.22.3",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
logrequest body/wp-login.phpUser login used to obtain an authenticated session for privilege abuseCWE-863
pwdrequest body/wp-login.phpUser login used to obtain an authenticated session for privilege abuseCWE-863
wp-submitrequest body/wp-login.phpUser login used to obtain an authenticated session for privilege abuseCWE-863
redirect_torequest body/wp-login.phpUser login used to obtain an authenticated session for privilege abuseCWE-863
testcookierequest body/wp-login.phpUser login used to obtain an authenticated session for privilege abuseCWE-863
actionrequest body/wp-admin/admin-ajax.phpHeartbeat/privilege-check flow leaking backup nonce via admin-ajax to enable unauthorized backup accessCWE-863
_noncerequest body/wp-admin/admin-ajax.phpHeartbeat/privilege-check flow leaking backup nonce via admin-ajax to enable unauthorized backup accessCWE-863
data[updraftplus][log_fetch]request body/wp-admin/admin-ajax.phpHeartbeat/privilege-check flow leaking backup nonce via admin-ajax to enable unauthorized backup accessCWE-863
data[updraftplus][log_nonce]request body/wp-admin/admin-ajax.phpHeartbeat/privilege-check flow leaking backup nonce via admin-ajax to enable unauthorized backup accessCWE-863
pagerequest body/wp-admin/admin-post.php/%0a/wp-admin/options-general.phpBackup download trigger using the leaked nonce to download the database backupCWE-863
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 04:20Current
6.4Medium risk
Vulners AI Score6.4
CVSS 24
CVSS 3.16.5
EPSS0.0201
221