Lucene search
WPScanCVELIST:CVE-2021-24423HistoryJan 24, 2022 - 8:00 a.m.
CVE-2021-24423 UpdraftPlus < 1.16.59 - Admin+ Stored Cross-Site Scripting
2022-01-2408:00:45
CWE-79
WPScan
www.cve.org
3
updraftplus
wordpress
cross-site scripting
cve-2021-24423
high privilege users
javascript payload
EPSS
0.001
Percentile
24.8%
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue
CNA Affected
[
{
"product": "UpdraftPlus WordPress Backup Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.6.59",
"status": "affected",
"version": "1.6.59",
"versionType": "custom"
}
]
}
]Related
openvas
openvas
WordPress UpdraftPlus Backup Plugin < 1.16.59 XSS Vulnerability
2022-01-26 00:00:00
cnvd
cnvd
WordPress UpdraftPlus plugin cross-site scripting vulnerability
2022-01-26 00:00:00
prion
prion
Cross site scripting
2022-01-24 08:15:00
cve
cve
CVE-2021-24423
2022-01-24 08:15:08
nvd
nvd
CVE-2021-24423
2022-01-24 08:15:08