CVE-2023-23640
Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension. This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6...
CVE-2023-23640
The CVE-2023-23640 entry concerns the WordPress plugin MainWP UpdraftPlus Extension (versions ≤ 4.0.6). Public sources in the connected documents indicate a Broken Access Control (Missing Authorization) vulnerability that allows a Subscriber-level attacker to activate plugins arbitrarily. Patch g...
CVE-2023-23640 WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 - Subscriber+ Arbitrary Plugin Activation Vulnerability
Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension. This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6...
CVE-2023-23640 WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 - Subscriber+ Arbitrary Plugin Activation Vulnerability
Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension. This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6...
PT-2024-11988 · Mainwp · Mainwp Mainwp Updraftplus Extension
Name of the Vulnerable Software and Affected Versions: MainWP MainWP UpdraftPlus Extension versions 4.0.6 and earlier. Description: The issue is related to a Missing Authorization vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide o...
WordPress plugin MainWP UpdraftPlus Extension Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
UpdraftPlus: WordPress Backup & Migration < 1.23.11 - Google Drive Storage Update via CSRF
Description: The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' action used to update Google Drive remote storage...
WordPress UpdraftPlus Plugin < 1.23.11 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:updraftplus:updraftplus"; if(description)...
CVE-2023-5982
The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' acti...
CVE-2023-5982
The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' acti...
Cross site request forgery (csrf)
The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' acti...
CVE-2023-5982
CVE-2023-5982 affects the UpdraftPlus WordPress Backup & Migration Plugin (versions up to 1.23.10). It is a CSRF vulnerability caused by missing nonce validation and insufficient validation of instance_id on the updraftmethod-googledrive-auth action, allowing unauthenticated attackers to forge re...
CVE-2023-5982 UpdraftPlus <= 1.23.10 - Cross-Site Request Forgery to Google Drive Storage Update
The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' acti...
WordPress UpdraftPlus Plugin <= 1.23.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software: UpdraftPlus; Type: Plugin; Vulnerable versions: <= 1.23.10; Fixed in: 1.23.11; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-5982; Patch priority: Low; CVSS severity: Low (4.3); PSID: ef8f3eafdf9f; Credits: Nicolas Decayeux...
PT-2023-32459 · WordPress · Updraftplus
Name of the Vulnerable Software and Affected Versions: UpdraftPlus: WordPress Backup & Migration Plugin versions up to, and including, 1.23.10. Description: The issue is related to Cross-Site Request Forgery due to a lack of nonce validation and insufficient validation of the instance id on the...
WordPress Plugin UpdraftPlus Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress UpdraftPlus Plugin < 1.23.4 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:updraftplus:updraftplus"; if(description)...
Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts
A critical security flaw has been disclosed in miniOrange's Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user, provided information about email address is already known. Tracked as CVE-2023-2982 (CVSS score: 9.8), the authentication bypass flaw...
CVE-2023-32960
Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS)...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS)...