3 matches found
CVE-2023-5982
CVE-2023-5982 affects the UpdraftPlus WordPress Backup & Migration Plugin (versions up to 1.23.10). It is a CSRF vulnerability caused by missing nonce validation and insufficient validation of instance_id on the updraftmethod-googledrive-auth action, allowing unauthenticated attackers to forge re...
CVE-2023-5982
The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instanceid on the 'updraftmethod-googledrive-auth' acti...
WordPress UpdraftPlus Plugin <= 1.23.10 is vulnerable to Cross Site Request Forgery (CSRF)
Software UpdraftPlus Type Plugin Vulnerable versions = 1.23.10 Fixed in 1.23.11 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5982 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ef8f3eafdf9f Credits Nicolas Decayeux...