VYPR

Updraftplus

by Updraftplus

CVEs (5)

  • CVE-2017-16871HigNov 17, 2017
    risk 0.53cvss 8.1epss 0.02

    The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that…

  • CVE-2017-16870HigNov 17, 2017
    risk 0.53cvss 8.1epss 0.01

    The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary

  • CVE-2024-10957HigJan 4, 2025
    risk 0.50cvss 8.8epss 0.01

    The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated…

  • CVE-2025-0215MedJan 15, 2025
    risk 0.40cvss 6.1epss 0.00

    The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This…

  • CVE-2023-5982MedNov 7, 2023
    risk 0.28cvss 5.4epss 0.00

    The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the…