CVE-2022-0864

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability...

CVE-2021-25022

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backuptimestamp and jobid parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues...

CVE-2021-25089

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraftrestore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting...

CVE-2021-24423

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraftservice settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue...

CVE-2015-9360

The updraftplus plugin before 1.9.64 for WordPress has XSS via addqueryarg and removequeryarg...

CVE-2024-10957

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...

CVE-2025-0215

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiaterestore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-0215 UpdraftPlus - Backup/Restore <= 1.24.12 - Reflected Cross-Site Scripting

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiaterestore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-0215 UpdraftPlus - Backup/Restore <= 1.24.12 - Reflected Cross-Site Scripting

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiaterestore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-0215

The CVE-2025-0215 entry concerns UpdraftPlus: WP Backup & Migration Plugin for WordPress with a Reflected Cross-Site Scripting (XSS) vulnerability via showdata and initiate_restore in all versions up to and including 1.24.12. The issue is caused by insufficient input sanitization and output escap...

WordPress UpdraftPlus - Backup/Restore plugin <= 1.24.12 - Reflected Cross-Site Scripting vulnerability

WordPress UpdraftPlus - Backup/Restore plugin = 1.24.12 - Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin UpdraftPlus versions = 1.24.12...

WordPress plugin UpdraftPlus - Backup/Restore 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2025-3787 · WordPress · Updraftplus

Name of the Vulnerable Software and Affected Versions: UpdraftPlus: WP Backup & Migration Plugin versions up to 1.24.12 Description: The issue is related to Reflected Cross-Site Scripting XSS due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inje...

WordPress UpdraftPlus plugin <= 1.24.11 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Webbernaut in WordPress Plugin UpdraftPlus versions = 1.24.11...

CVE-2024-10957

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...

CVE-2024-10957 UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...

CVE-2024-10957 UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...

WordPress plugin UpdraftPlus 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

PT-2025-1616 · WordPress · Updraftplus: Wp Backup & Migration Plugin

Name of the Vulnerable Software and Affected Versions: UpdraftPlus: WP Backup & Migration Plugin versions 1.23.8 through 1.24.11 Description: The UpdraftPlus: WP Backup & Migration Plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input in the recursive...

CVE-2023-23640

Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6...