PT-2025-3787 · WordPress · Updraftplus

Name of the Vulnerable Software and Affected Versions: UpdraftPlus: WP Backup & Migration Plugin versions up to 1.24.12 Description: The issue is related to Reflected Cross-Site Scripting XSS due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inje...

D-LINK DWL-6610 Command Injection Vulnerability

The D-Link DWL-6610 is a wireless access point from D-Link. A security vulnerability exists in the D-LINK DWL-6610 due to a command injection vulnerability in the configuploadhandler function. An attacker can use this vulnerability to execute arbitrary commands via the configRestore parameter...

PT-2023-5381 · D Link · D-Link Dwl-6610Ap

Name of the Vulnerable Software and Affected Versions: D-LINK DWL-6610 version 4.3.0.8B003C Description: The issue is related to a command injection vulnerability in the config upload handler function. This vulnerability allows attackers to execute arbitrary commands via the configRestore...

CVE-2021-25089

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraftrestore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting...

WordPress plugin跨站脚本漏洞

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress UpdraftPlus Backup Plugin in versions prior to 1.16.69. The vulnerability stems from the failure to escape the updraftrestore parameter and c...