Exploit for CVE-2026-10795

CVE-2026-10795 UpdraftPlus Auto-Exploit & Mass Scanner Au...

Exploit for CVE-2026-10795

CVE-2026-10795 CVE-2026-10795 – UpdraftPlus Authentication Byp...

CVE-2026-10795

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlusRemoteCommunicationsV2::wploaded function. This is due to insufficient validation of the remote communications message format,...

CVE-2026-10795 UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlusRemoteCommunicationsV2::wploaded function. This is due to insufficient validation of the remote communications message format,...

CVE-2026-10795

UpdraftPlus (WordPress plugin)

WordPress plugin UpdraftPlus: WP Backup & Migration Plugin 数据伪造问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. One...

VulnCheck KEV: CVE-2026-10795

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlusRemoteCommunicationsV2::wploaded function. This is due to insufficient validation of the remote communications message format,...

CVE-2022-0633

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...

CVE-2017-18593

The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file...

EUVD-2021-11335

Malware in sbrugna...

EUVD-2015-9200

Malware in sbrugna...

EUVD-2021-12001

Malware in sbrugna...

EUVD-2022-15730

Malicious code in bioql PyPI...

EUVD-2025-1552

Malicious code in bioql PyPI...

CVE-2025-0215

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiaterestore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2022-0864

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability...

CVE-2021-25022

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backuptimestamp and jobid parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues...

CVE-2021-25089

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraftrestore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting...

CVE-2021-24423

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraftservice settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue...

CVE-2015-9360

The updraftplus plugin before 1.9.64 for WordPress has XSS via addqueryarg and removequeryarg...