29 matches found

RedhatCVE
added 2026/01/09 10:44 a.m. · 13 views

CVE-2022-0633

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...

6.5 CVSS · 6.6 AI score · 0.01358 EPSS
Exploits: 3 · References: 1

RedhatCVE
added 2026/01/09 10:31 a.m. · 5 views

CVE-2017-18593

The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file...

6.1 CVSS · 6.1 AI score · 0.0021 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-12001

Malware in sbrugna...

6.1 CVSS · 6.1 AI score · 0.0021 EPSS
Exploits: 2 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-11335

Malware in sbrugna...

4.8 CVSS · 5.1 AI score · 0.00206 EPSS
Exploits: 1 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2015-9200

Malware in sbrugna...

6.1 CVSS · 6.3 AI score · 0.00368 EPSS
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 9 views

EUVD-2022-15730

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.01358 EPSS
Exploits: 3 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-1552

Malicious code in bioql PyPI...

6.1 CVSS · 8.7 AI score · 0.02492 EPSS
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/23 11:57 a.m. · 2 views

CVE-2025-0215

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiaterestore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1 CVSS · 6.3 AI score · 0.02492 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 10:2 p.m. · 6 views

CVE-2022-0864

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability...

6.1 CVSS · 5.7 AI score · 0.02855 EPSS
Exploits: 4 · References: 1

RedhatCVE
added 2025/05/22 9:36 p.m. · 4 views

CVE-2021-25022

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backuptimestamp and jobid parameter before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues...

6.1 CVSS · 6 AI score · 0.00269 EPSS
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 7:24 p.m. · 5 views

CVE-2021-25089

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraftrestore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting...

6.1 CVSS · 6.5 AI score · 0.0021 EPSS
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 7:22 p.m. · 6 views

CVE-2021-24423

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraftservice settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue...

4.8 CVSS · 5.8 AI score · 0.00206 EPSS
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 9:33 a.m. · 6 views

CVE-2015-9360

The updraftplus plugin before 1.9.64 for WordPress has XSS via addqueryarg and removequeryarg...

6.1 CVSS · 6 AI score · 0.00368 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 5:3 a.m. · 2 views

CVE-2024-10957

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...

8.8 CVSS · 7.5 AI score · 0.01702 EPSS
Exploits: 0 · References: 1

NVD
added 2025/01/15 11:15 p.m. · 9 views

CVE-2025-0215

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiaterestore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1 CVSS · 0.02492 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2025/01/15 10:23 p.m. · 8 views

CVE-2025-0215 UpdraftPlus - Backup/Restore <= 1.24.12 - Reflected Cross-Site Scripting

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiaterestore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1 CVSS · 6 AI score · 0.02492 EPSS
Exploits: 0 · References: 3

Cvelist
added 2025/01/15 10:23 p.m. · 19 views

CVE-2025-0215 UpdraftPlus - Backup/Restore <= 1.24.12 - Reflected Cross-Site Scripting

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiaterestore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1 CVSS · 0.02492 EPSS
Exploits: 0 · References: 3

CVE
added 2025/01/15 10:23 p.m. · 107 views

CVE-2025-0215

The CVE-2025-0215 entry concerns UpdraftPlus: WP Backup & Migration Plugin for WordPress with a Reflected Cross-Site Scripting (XSS) vulnerability via showdata and initiate_restore in all versions up to and including 1.24.12. The issue is caused by insufficient input sanitization and output escap...

6.1 CVSS · 6 AI score · 0.02492 EPSS
Exploits: 0 · References: 3

Cvelist
added 2025/01/04 1:41 p.m. · 17 views

CVE-2024-10957 UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...

8.8 CVSS · 0.01702 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2023/11/07 12:0 a.m. · 2 views

PT-2023-32459 · WordPress · Updraftplus

Name of the Vulnerable Software and Affected Versions: UpdraftPlus: WordPress Backup & Migration Plugin versions up to, and including, 1.23.10 Description: The issue is related to Cross-Site Request Forgery due to a lack of nonce validation and insufficient validation of the instance id on the...

5.4 CVSS · 6 AI score · 0.00154 EPSS
Exploits: 0 · References: 4