Updraftplus Wordpress Backup Plugin
Sign in to watchby Unknown
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-0864 | 0.00 | — | 0.03 | Apr 4, 2022 | The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | ||
| CVE-2021-25089 | 0.00 | — | 0.00 | Feb 1, 2022 | The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting | ||
| CVE-2021-24423 | 0.00 | — | 0.00 | Jan 24, 2022 | The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue | ||
| CVE-2021-25022 | 0.00 | — | 0.00 | Jan 3, 2022 | The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues |