164 matches found
CVE-2023-32960 WordPress UpdraftPlus Plugin <= 1.23.3 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS)...
WordPress Plugin UpdraftPlus Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2023-24101 · WordPress · Updraftplus
Name of the Vulnerable Software and Affected Versions: UpdraftPlus WordPress Backup Plugin versions prior to 1.23.3. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that can lead to sitewide Cross-Site Scripting (XSS). Recommendations: For versions prior to 1.23....
UpdraftPlus < 1.23.4 - CSRF
The plugin does not have CSRF check in the actionauthenticatestorage, which could allow attackers to make logged in admins inject JavaScript into a parameter in the authentication process via a CSRF attack when they can trick an admin to perform multiple actions including re-authenticating a...
WordPress UpdraftPlus Plugin <= 1.23.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: UpdraftPlus; Type: Plugin; Vulnerable versions: <= 1.23.3; Fixed in: 1.23.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-32960; Patch priority: Low; CVSS severity: Low 7.1; PSID: d64e914c934f; Credits: Rafie Muhammad...
Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 13, 2023 to Mar 19, 2023)
Last week, there were 92 vulnerabilities disclosed in 76 WordPress Plugins and 7 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities i...
WordPress UpdraftPlus Plugin 2.22.14-2.23.2 is vulnerable to Broken Access Control
Software: UpdraftPlus; Type: Plugin; Vulnerable versions: 2.22.14-2.23.2; Fixed in: 2.23.3; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: N/A; Patch priority: High; CVSS severity: High 8.8; PSID: 5c443082ec78; Credits: N/A; Required privilege: Subscriber...
WordPress UpdraftPlus Plugin <= 1.22.24 is vulnerable to Sensitive Data Exposure
Software: UpdraftPlus; Type: Plugin; Vulnerable versions: <= 1.22.24; Fixed in: 1.23.1; OWASP Top 10: A5: Broken Access Control; Classification: Sensitive Data Exposure; CVE: N/A; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: 8fed8919edba; Credits: Unknown; Required privilege...
WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 is vulnerable to Broken Access Control
Software: MainWP UpdraftPlus Extension; Type: Plugin; Vulnerable versions: <= 4.0.6; Fixed in: 4.0.7; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-23640; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: 075f06640c08; Credits: Dave Jong...
WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 is vulnerable to Settings Change
Software: MainWP UpdraftPlus Extension; Type: Plugin; Vulnerable versions: <= 4.0.6; Fixed in: 4.0.7; OWASP Top 10: A5: Broken Access Control; Classification: Settings Change; CVE: CVE-2023-23658; Patch priority: High; CVSS severity: High 6.5; PSID: c87cd5d840bf; Credits: Dave Jong Patchstack...
WordPress UpdraftPlus WordPress Backup plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports hosting personal blog sites on servers with PHP and MySQL. WordPress plugin is an open-source WordPress application plugin. WordPress UpdraftPlus WordPress Backup plugin...
WordPress UpdraftPlus Plugin < 1.22.9 - Reflected Cross-Site Scripting Vulnerability
Title: WordPress Plugin UpdraftPlus confirm1; Classification Type: XSS; OWASP Top 10: A7: Cross-Site Scripting (XSS); CWE-79; wpScan: https://wpscan.com/vulnerability/7337543f-4c2c-4365-aebf-3423e9d2f872...
WordPress UpdraftPlus Cross Site Scripting
Title: WordPress Plugin UpdraftPlus confirm1; Classification Type: XSS; OWASP Top 10: A7: Cross-Site Scripting (XSS); CWE-79; wpScan: https://wpscan.com/vulnerability/7337543f-4c2c-4365-aebf-3423e9d2f872...
WordPress UpdraftPlus Backup Plugin < 1.22.9 XSS Vulnerability
CVE-2022-0864
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability...
Cross site scripting
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability...
CVE-2022-0864 UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability...
CVE-2022-0864
CVE-2022-0864 affects the WordPress plugin UpdraftPlus WordPress Backup Plugin, pre-1.22.9. The vulnerability is a reflected Cross-Site Scripting (XSS) in the admin page caused by failure to sanitize/escape the updraft_interval parameter before output. Impact is XSS exposure via the admin interfa...
WordPress plugin UpdraftPlus WordPress Backup Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports hosting personal blog sites on servers with PHP and MySQL. WordPress plugin is an open-source WordPress application plugin. WordPress UpdraftPlus WordPress Backup plugin...