Vulnerabilities > Updraftplus > Updraftplus > 1.9.62

DATE CVE VULNERABILITY TITLE RISK
2023-11-07 CVE-2023-5982 Cross-Site Request Forgery (CSRF) vulnerability in Updraftplus
The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10.
network
low complexity
updraftplus CWE-352
5.4
5.4
2023-06-22 CVE-2023-32960 Cross-Site Request Forgery (CSRF) vulnerability in Updraftplus
Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS).
network
low complexity
updraftplus CWE-352
6.1
6.1
2022-04-04 CVE-2022-0864 Unspecified vulnerability in Updraftplus
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
updraftplus
6.1
6.1
2022-02-01 CVE-2021-25089 Unspecified vulnerability in Updraftplus
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting
network
low complexity
updraftplus
6.1
6.1
2022-01-24 CVE-2021-24423 Unspecified vulnerability in Updraftplus
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue
network
low complexity
updraftplus
4.8
4.8
2022-01-03 CVE-2021-25022 Cross-site Scripting vulnerability in Updraftplus
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues
network
low complexity
updraftplus CWE-79
6.1
6.1
2019-08-28 CVE-2017-18593 Cross-site Scripting vulnerability in Updraftplus
The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file.
network
low complexity
updraftplus CWE-79
6.1
6.1
2019-08-28 CVE-2015-9360 Cross-site Scripting vulnerability in Updraftplus
The updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
updraftplus CWE-79
6.1
6.1
2017-11-17 CVE-2017-16871 Code Injection vulnerability in Updraftplus
The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter.
network
high complexity
updraftplus CWE-94
8.1
8.1
2017-11-17 CVE-2017-16870 Server-Side Request Forgery (SSRF) vulnerability in Updraftplus
The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction.
network
high complexity
updraftplus CWE-918
8.1
8.1