VYPR

UpdraftPlus: WP Backup & Migration Plugin

by WordPress

CVEs (2)

  • CVE-2024-10957HigJan 4, 2025
    risk 0.50cvss 8.8epss 0.01

    The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated…

  • CVE-2025-0215MedJan 15, 2025
    risk 0.40cvss 6.1epss 0.00

    The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This…