166 matches found
CVE-2017-18593
The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file...
WordPress UpdraftPlus Plugin Server-Side Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports personal blog sites set up on PHP and MySQL servers. UpdraftPlus is a WordPress backup plugin. WordPress UpdraftPlus plugin 1.13.12 and earlier...
WordPress UpdraftPlus Plugin Multiple Vulnerabilities
These CVE SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if (description) script_oid("1.3.6.1.4.1.25623.1.0.140535");...
Cross site scripting
DISPUTED The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary...
Race condition
DISPUTED The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does n...
CVE-2017-16871
The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross ...
CVE-2017-16870
The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary...
CVE-2017-16870
CVE-2017-16870 affects WordPress UpdraftPlus plugin up to version 1.13.12. The vulnerability is a server-side request forgery (SSRF) in the updraft_ajax_handler function of /wp-content/plugins/updraftplus/admin.php, exploitable via an httpget subaction. The vendor notes that this does not cross a...
CVE-2017-16871
The CVE-2017-16871 entry concerns the WordPress UpdraftPlus plugin (versions up to 1.13.12). A race condition in the plupload_action function, before deleting a file tied to the name parameter in /wp-content/plugins/updraftplus/admin.php, allows remote PHP code execution. The vendor notes this do...
PT-2017-14608 · WordPress · Updraftplus
Name of the Vulnerable Software and Affected Versions: UpdraftPlus plugin versions 1.13.12 and earlier. Description: The issue allows remote PHP code execution due to a race condition in the plupload_action function before deleting a file associated with the name parameter in...
PT-2017-14607 · WordPress · Updraftplus
Name of the Vulnerable Software and Affected Versions: UpdraftPlus plugin versions 1.13.12 and earlier. Description: The issue concerns a Server-Side Request Forgery (SSRF) in the updraft_ajax_handler function, located in /wp-content/plugins/updraftplus/admin.php, which can be exploited via an httpg...
WordPress updraftplus plugin has a file upload vulnerability
WordPress updraftplus is a plugin that assists WordPress users in backing up their websites by backing up the entire site to the cloud. A file upload vulnerability exists in the WordPress updraftplus plugin. An attacker can exploit this vulnerability to directly upload PHP files and gain control ...
wordpress plugin updraftplus ssrf
No description provided by source...
SSRF Vulnerability in Wordpress updraftplus Plugin
WordPress updraftplus is a plugin that assists WordPress users in backing up their websites, allowing them to back up their entire site to various clouds. An SSRF vulnerability exists in the WordPress updraftplus plugin. The vulnerability is due to the admin.php script's updraft_ajax_handler function uri...
wordpress plugin updraftplus arbitrary file upload
No description provided by source...
Updraftplus < 1.13.5 - XSS
The UpdraftPlus WordPress Backup Plugin WordPress plugin was affected by an XSS security vulnerability...