VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 3, 2022· Updated May 22, 2025

UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting

CVE-2021-25022

Description

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.