1.16.2

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-07	CVE-2023-5982	Cross-Site Request Forgery (CSRF) vulnerability in Updraftplus The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. network low complexity updraftplus CWE-352	5.4
2023-06-22	CVE-2023-32960	Cross-Site Request Forgery (CSRF) vulnerability in Updraftplus Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS). network low complexity updraftplus CWE-352	6.1
2022-04-04	CVE-2022-0864	Cross-site Scripting vulnerability in Updraftplus The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. network updraftplus CWE-79	4.3
2022-02-01	CVE-2021-25089	Cross-site Scripting vulnerability in Updraftplus The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting network updraftplus CWE-79	4.3
2022-01-24	CVE-2021-24423	Cross-site Scripting vulnerability in Updraftplus The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue network low complexity updraftplus CWE-79	4.8
2022-01-03	CVE-2021-25022	Cross-site Scripting vulnerability in Updraftplus The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues network updraftplus CWE-79	4.3