Threat Entry Updated 2024-11-21

CVE-2022-0864 - Updraftplus Wordpress Backup Plugin

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.

PLUGIN Updraftplus Wordpress Backup

CVE-2022-0864

MEDIUM CVSS 6.1 2022-04-04

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-25089 - Updraftplus Wordpress Backup Plugin

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting

PLUGIN Updraftplus Wordpress Backup

CVE-2021-25089

MEDIUM CVSS 6.1 2022-02-01

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24423 - Updraftplus Wordpress Backup Plugin

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue

PLUGIN Updraftplus Wordpress Backup

CVE-2021-24423

MEDIUM CVSS 4.8 2022-01-24

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-05-22

CVE-2021-25022 - Updraftplus Wordpress Backup Plugin

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues

PLUGIN Updraftplus Wordpress Backup

CVE-2021-25022

MEDIUM CVSS 6.1 2022-01-03

Risk Score

Open Full Technical Breakdown