29 matches found

The Hacker News
added 2023/06/29 7:24 a.m. · 52 views

Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts

A critical security flaw has been disclosed in miniOrange's Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user, provided information about the email address is already known. Tracked as CVE-2023-2982 (CVSS score: 9.8), the authentication bypass flaw...

AI score: 7.2 · EPSS: 0.70122 · Exploits: 6
Cvelist
added 2023/06/22 12:51 p.m. · 24 views

CVE-2023-32960 WordPress UpdraftPlus Plugin <= 1.23.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS)...

CVSS: 7.1 · AI score: 6.8 · EPSS: 0.00081 · Exploits: 0 · References: 1
OSV
added 2022/04/04 4:15 p.m. · 1 views

CVE-2022-0864

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability...

CVSS: 6.1 · AI score: 5.8 · Exploits: 0 · References: 2
OSV
added 2022/02/17 7:15 p.m. · 3 views

CVE-2022-0633

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database...

CVSS: 6.5 · AI score: 5.6 · EPSS: 0.01358 · Exploits: 3 · References: 4
Vulnrichment
added 2022/01/03 12:49 p.m. · 4 views

CVE-2021-25022 UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backuptimestamp and jobid parameter before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues...

AI score: 6 · EPSS: 0.00269 · Exploits: 2 · References: 3
CNNVD
added 2022/01/03 12:00 a.m. · 2 views

WordPress plugin UpdraftPlus WordPress Backup Cross-Site Scripting Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in...

CVSS: 6.1 · AI score: 5.9 · EPSS: 0.00269 · Exploits: 2 · References: 4
OSV
added 2017/11/17 9:29 a.m. · 1 views

CVE-2017-16871

The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the pluploadaction function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross ...

CVSS: 8.1 · AI score: 6 · EPSS: 0.01062 · Exploits: 1 · References: 1
Positive Technologies
added 2017/11/17 12:00 a.m. · 2 views

PT-2017-14607 · WordPress · Updraftplus

Name of the Vulnerable Software and Affected Versions: UpdraftPlus plugin versions 1.13.12 and earlier. Description: The issue concerns a Server-Side Request Forgery (SSRF) in the updraft ajax handler function, located in /wp-content/plugins/updraftplus/admin.php, which can be exploited via an httpg...

CVSS: 8.1 · AI score: 8.2 · EPSS: 0.00383 · Exploits: 1 · References: 4
Patchstack
added 2015/02/03 12:00 a.m. · 10 views

WordPress UpdraftPlus Plugin <= 1.9.50 - Privilege Escalation

This plugin is prone to a privilege escalation vulnerability. Solution: Upgrade the plugin...

AI score: 2.8 · Exploits: 0 · References: 1 · Affected Software: 1