Vulnerabilities > Updraftplus > ALL IN ONE Security > 5.1.4

DATE CVE VULNERABILITY TITLE RISK
2024-02-07 CVE-2024-1037 Cross-site Scripting vulnerability in Updraftplus All-In-One Security
The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping.
network
low complexity
updraftplus CWE-79
6.1
2023-04-10 CVE-2023-0156 Unspecified vulnerability in Updraftplus All-In-One Security
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in its settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access).
network
low complexity
updraftplus
4.9
2023-04-10 CVE-2023-0157 Cross-site Scripting vulnerability in Updraftplus All-In-One Security
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page.
network
low complexity
updraftplus CWE-79
4.8