DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-07 | CVE-2024-1037 | Cross-site Scripting vulnerability in Updraftplus All-In-One Security. The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. | 6.1 |
2023-04-10 | CVE-2023-0156 | Unspecified vulnerability in Updraftplus All-In-One Security. The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in its settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). | 4.9 |
2023-04-10 | CVE-2023-0157 | Cross-site Scripting vulnerability in Updraftplus All-In-One Security. The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page. | 4.8 |
2023-01-23 | CVE-2022-4346 | Unspecified vulnerability in Updraftplus All-In-One Security. The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address. | 5.3 |
2022-12-12 | CVE-2022-4097 | Authorization Bypass Through User-Controlled Key vulnerability in Updraftplus All-In-One Security. The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more). | 5.3 |