39 matches found
UpdraftPlus plugin’s vulnerability: The WP Backup & Migration system for WordPress content management system, which allows attackers to inject a PHP object into the system.
UpdraftPlus plugin’s vulnerability: The WP Backup & Migration system of the WordPress content management system is vulnerable due to shortcomings in the deserialization mechanism. Exploiting this vulnerability allows an attacker to inject a PHP object remotely...
CVE-2024-10957
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2025-0215
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiaterestore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-0215 UpdraftPlus - Backup/Restore <= 1.24.12 - Reflected Cross-Site Scripting
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiaterestore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-0215 UpdraftPlus - Backup/Restore <= 1.24.12 - Reflected Cross-Site Scripting
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiaterestore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-0215
The CVE-2025-0215 entry concerns UpdraftPlus: WP Backup & Migration Plugin for WordPress with a Reflected Cross-Site Scripting (XSS) vulnerability via showdata and initiate_restore in all versions up to and including 1.24.12. The issue is caused by insufficient input sanitization and output escap...
CVE-2024-10957 UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...
PT-2023-32459 · WordPress · Updraftplus
Name of the Vulnerable Software and Affected Versions: UpdraftPlus: WordPress Backup & Migration Plugin versions up to, and including, 1.23.10 Description: The issue is related to Cross-Site Request Forgery due to a lack of nonce validation and insufficient validation of the instance id on the...
Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts
A critical security flaw has been disclosed in miniOrange's Social Login and Register plugin for WordPress that could enable a malicious actor to log in as any user-provided information about email address is already known. Tracked as CVE-2023-2982 CVSS score: 9.8, the authentication bypass flaw...
CVE-2023-32960 WordPress UpdraftPlus Plugin <= 1.23.3 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin = 1.23.3 versions leads to sitewide Cross-Site Scripting XSS...
CVE-2022-0864
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability...
CVE-2022-0864
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability...
CVE-2022-0633
The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...
CVE-2022-0633
The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...
CVE-2021-25022 UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backuptimestamp and jobid parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues...
WordPress plugin UpdraftPlus WordPress Backup 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. Cross-site scripting vulnerability exists in...
CVE-2017-16871
The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the pluploadaction function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross ...
PT-2017-14607 · WordPress · Updraftplus
Name of the Vulnerable Software and Affected Versions: UpdraftPlus plugin versions 1.13.12 and earlier Description: The issue concerns a Server-Side Request Forgery SSRF in the updraft ajax handler function, located in /wp-content/plugins/updraftplus/admin.php, which can be exploited via an httpg...
WordPress UpdraftPlus Plugin <= 1.9.50 - Privilege Escalation
This plugin is prone to a privilege escalation vulnerability. Solution Upgrade the plugin...