{"error":0,"message":null,"data":{"name":"UpdraftPlus: WP Backup &amp; Migration Plugin","plugin":"updraftplus","link":"https:\/\/wordpress.org\/plugins\/updraftplus\/","latest":"1759764180","closed":0,"vulnerability":[{"uuid":"73e83c465328e538f95fe05937eeec6ceb516207e1d1d250e2e8c18cbeaab902","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.22.3","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.22.3","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2022-0633","name":"CVE-2022-0633","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2022-0633","description":"[en] The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup.","date":"2022-02-17"},{"id":"13f0beb6405a05035ae1afd4e259bc8f5333b21f","name":"WordPress UpdraftPlus plugin <= 1.22.1 - Arbitrary Backup Downloads vulnerability","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/updraftplus\/vulnerability\/wordpress-updraftplus-plugin-1-22-1-arbitrary-backup-downloads-vulnerability","description":"Arbitrary Backup Downloads vulnerability discovered by Marc-Alexandre Montpas (Automattic) in WordPress UpdraftPlus plugin (versions <= 1.22.1).","date":"2022-02-17"},{"id":"986fbd4bdaddeb1be8eb3e0320d7505e755acd8d","name":"UpdraftPlus WordPress Backup Plugin < 1.22.3 - Sensitive Information Disclosure","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/detail\/updraftplus-wordpress-backup-plugin-1223-sensitive-information-disclosure","description":"The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site 
(such as subscriber) to download the most recent site & database backup.\r\n\r\nThe UpdraftPlus WordPress Backup Plugin plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when performing a heartbeat function in versions up to 1.22.3. This makes it possible for authenticated attackers with minimal permissions such as a subscriber to retrieve the path to arbitrary back-up files which can subsequently be downloaded and used to gain sensitive information about the system. This also affects premium versions before 2.22.3.","date":"2022-02-17"},{"id":"d257c28f-3c7e-422b-a5c2-e618ed3c0bf3","name":"UpdraftPlus Free &lt; 1.22.3 &amp; Premium &lt; 2.22.3 - Subscriber+ Backup Download","link":"https:\/\/wpscan.com\/vulnerability\/d257c28f-3c7e-422b-a5c2-e618ed3c0bf3","description":"The plugins do not properly validate a user has the required privileges to access a backup&#039;s nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site &amp; database backup.","date":null}],"impact":{"cwe":[{"cwe":"CWE-863","name":"Incorrect Authorization","description":"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check."}]}},{"uuid":"649c62238f4e2b5348c4a03bb35d03b293de432d553f1589a5775633ddeef779","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.16.69","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.16.69","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2021-25089","name":"CVE-2021-25089","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2021-25089","description":"[en] The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site 
Scripting","date":"2022-02-01"},{"id":"9dbef93e7aa23f4bab94ab1dee67ef4d088b85c3","name":"WordPress UpdraftPlus plugin <= 1.16.66 - Reflected Cross-Site Scripting (XSS) vulnerability","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/updraftplus\/vulnerability\/wordpress-updraftplus-plugin-1-16-66-reflected-cross-site-scripting-xss-vulnerability","description":"Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress UpdraftPlus plugin (versions <= 1.16.66).","date":"2021-12-28"},{"id":"367b9b8212794440472f100dac2160146b1167ae","name":"UpdraftPlus WordPress Backup Plugin <= 1.16.68 - Reflected Cross-Site Scripting via updraft_restore","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/updraftplus\/updraftplus-wordpress-backup-plugin-11668-reflected-cross-site-scripting-via-updraft-restore","description":"The UpdraftPlus WordPress Backup Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'updraft_restore' parameter in versions up to, and including, 1.16.68 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","date":"2021-12-28"},{"id":"5adb977e-f7bf-4d36-b625-87bc23d379c8","name":"UpdraftPlus &lt; 1.16.69 - Reflected Cross-Site Scripting","link":"https:\/\/wpscan.com\/vulnerability\/5adb977e-f7bf-4d36-b625-87bc23d379c8","description":"The plugin does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting","date":null}],"impact":{"cwe":[{"cwe":"CWE-79","name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."}]}},{"uuid":"d395f2171bbf7946a92bba818e078655ee9f203c461a813b0966cf520b0a6114","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.6.59","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.6.59","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2021-24423","name":"CVE-2021-24423","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2021-24423","description":"[en] The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue","date":"2022-01-24"},{"id":"89b70349a2db2d43031bf18ec2164bd5dbf6b6fc","name":"UpdraftPlus WordPress Backup Plugin < 1.6.59 - Stored Cross-Site Scripting","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/updraftplus\/updraftplus-wordpress-backup-plugin-1659-stored-cross-site-scripting","description":"The UpdraftPlus WordPress Backup Plugin WordPress plugin 
before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue","date":"2021-05-09"},{"id":"541974d6-2df8-4497-9aee-afd3b9024102","name":"UpdraftPlus &lt; 1.16.59 - Admin+ Stored Cross-Site Scripting","link":"https:\/\/wpscan.com\/vulnerability\/541974d6-2df8-4497-9aee-afd3b9024102","description":"The plugin does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue","date":null}],"impact":{"cwe":[{"cwe":"CWE-79","name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."}]}},{"uuid":"da4e6ebe777c2d6656ee15aa85c2501b852ebd0ce2ecc08551366cf9952a24f1","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.16.66","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.16.66","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2021-25022","name":"CVE-2021-25022","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2021-25022","description":"[en] The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameters before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues","date":"2022-01-03"},{"id":"6c749a84548ee82fd94c3451f1a8dd7bc69cd396","name":"WordPress UpdraftPlus plugin <= 1.16.65 - Reflected Cross-Site Scripting (XSS) vulnerability","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/updraftplus\/vulnerability\/wordpress-updraftplus-plugin-1-16-65-reflected-cross-site-scripting-xss-vulnerability","description":"Reflected Cross-Site 
Scripting (XSS) vulnerability discovered by Krzysztof Zaj\u0105c in WordPress UpdraftPlus plugin (versions <= 1.16.65).","date":"2021-12-06"},{"id":"5aa9ea0d46c76d2fd6a645aab8f1afe0ed5e0936","name":"UpdraftPlus WordPress Backup Plugin <= 1.16.65 - Reflected Cross-Site Scripting","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/updraftplus\/updraftplus-wordpress-backup-plugin-11665-reflected-cross-site-scripting","description":"The UpdraftPlus WordPress Backup Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'backup_timestamp' & 'job_id' parameters in versions up to, and including, 1.16.65 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","date":"2021-12-06"},{"id":"1801c7ae-2b5c-493f-969d-4bb19a9feb15","name":"UpdraftPlus &lt; 1.16.66 - Reflected Cross-Site Scripting","link":"https:\/\/wpscan.com\/vulnerability\/1801c7ae-2b5c-493f-969d-4bb19a9feb15","description":"The plugin does not sanitise and escape the backup_timestamp and job_id parameters before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues","date":null}],"impact":{"cwe":[{"cwe":"CWE-79","name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."}]}},{"uuid":"56d693c15c6e2dc8f57c5a7e36dae528fa80fa52e8f3002aaea61c5f78dea82a","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 
1.9.64","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.9.64","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2015-9360","name":"CVE-2015-9360","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2015-9360","description":"[en] The updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg().","date":"2019-08-28"},{"id":"5fa8ca3288f1311f4d3e6c2b9fc3dd34d810001d","name":"UpdraftPlus <= 1.9.63 and UpdraftPlus (paid) <= 2.9.63 - Cross-Site Scripting","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/detail\/updraftplus-1963-and-updraftplus-paid-2963-cross-site-scripting","description":"The UpdraftPlus free plugin before 1.9.64 (and UpdraftPlus paid before 2.9.64) are vulnerable to Cross-Site Scripting via add_query_arg() and remove_query_arg().","date":"2020-09-22"}],"impact":{"cwe":[{"cwe":"CWE-79","name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."}]}},{"uuid":"41e2cab8c8b992073c441eea2de7fa86484b04d08b76d17c80f21a8b802c992b","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.13.5","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.13.5","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2017-18593","name":"CVE-2017-18593","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2017-18593","description":"[en] The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file.","date":"2019-08-28"},{"id":"6864a33e-9ba9-4584-b1ac-dd8a793bdb53","name":"Updraftplus &lt; 1.13.5 - XSS","link":"https:\/\/wpscan.com\/vulnerability\/6864a33e-9ba9-4584-b1ac-dd8a793bdb53","description":"The UpdraftPlus WordPress 
Backup Plugin WordPress plugin was affected by a XSS security vulnerability.","date":null},{"id":"9aad26a74db4da63fd528fc53e0b079f928f552d","name":"UpdraftPlus <= 1.13.4 - Stored Cross-Site Scripting","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/updraftplus\/updraftplus-1134-stored-cross-site-scripting","description":"The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file.","date":"2017-08-08"}],"impact":{"cwe":[{"cwe":"CWE-79","name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."}]}},{"uuid":"095beee3051762b42db623c24a4f8528eacdf8c1335d7154e63cc71634aafe29","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] <= 1.13.12","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.13.12","max_operator":"le","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2017-16871","name":"CVE-2017-16871","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2017-16871","description":"[en] The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in \/wp-content\/plugins\/updraftplus\/admin.php has a race condition before deleting a file associated with the name parameter. 
NOTE: the vendor reports that this does not cross a privilege boundary","date":"2017-11-17"}],"impact":{"cwe":[{"cwe":"CWE-94","name":"Improper Control of Generation of Code ('Code Injection')","description":"The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment."}]}},{"uuid":"bfbf1cd1052c76613aa0d522ad0aec142b654ef4a956961862533b5f26205a0a","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] <= 1.13.12","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.13.12","max_operator":"le","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2017-16870","name":"CVE-2017-16870","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2017-16870","description":"[en] The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in \/wp-content\/plugins\/updraftplus\/admin.php via an httpget subaction. 
NOTE: the vendor reports that this does not cross a privilege boundary","date":"2017-11-17"}],"impact":{"cwe":[{"cwe":"CWE-918","name":"Server-Side Request Forgery (SSRF)","description":"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination."}]}},{"uuid":"f046d3a71e6cf72ca6b4bbc71a813bdd5e9fd3e845ab223240eb981b21ba1f53","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.22.9","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.22.9","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2022-0864","name":"CVE-2022-0864","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2022-0864","description":"[en] The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.","date":"2022-04-04"},{"id":"39c61bd7c236e727d6cb8789d15be6a42dcca3a8","name":"WordPress UpdraftPlus plugin <= 1.22.8 - Reflected Cross-Site Scripting (XSS) vulnerability","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/updraftplus\/vulnerability\/wordpress-updraftplus-plugin-1-22-8-reflected-cross-site-scripting-xss-vulnerability","description":"Reflected Cross-Site Scripting (XSS) vulnerability discovered by Taurus Omar in WordPress UpdraftPlus plugin (versions <= 1.22.8).","date":"2022-03-10"},{"id":"7591ad8f27698a18d7c0c2a930c908f8f9313ec2","name":"UpdraftPlus WordPress Backup Plugin < 1.22.9 Reflected Cross-Site Scripting","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/updraftplus\/updraftplus-wordpress-backup-plugin-1229-reflected-cross-site-scripting","description":"The \"UpdraftPlus WordPress Backup Plugin\" plugin for WordPress is vulnerable to 
Reflected Cross-Site Scripting via the 'updraft_interval' parameter in versions up to 1.22.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","date":"2022-04-07"},{"id":"7337543f-4c2c-4365-aebf-3423e9d2f872","name":"UpdraftPlus &lt; 1.22.9 - Reflected Cross-Site Scripting","link":"https:\/\/wpscan.com\/vulnerability\/7337543f-4c2c-4365-aebf-3423e9d2f872","description":"The plugin does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.","date":null}],"impact":{"cwe":[{"cwe":"CWE-79","name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."}]}},{"uuid":"7f8882fa1949e0aa6bd460b2464249c15ac7bf1dfca40b7493e64efc47368c89","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.16.59","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.16.59","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"e04c60c26e8eebf4bfb2c1424566ed4506dbe63a","name":"WordPress UpdraftPlus  plugin <= 1.16.58 - Local File Inclusion (LFI) vulnerability","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/updraftplus\/vulnerability\/wordpress-updraftplus-plugin-1-16-58-local-file-inclusion-lfi-vulnerability","description":"Local File Inclusion (LFI) vulnerability discovered by WPScanTeam in WordPress UpdraftPlus  plugin (versions <= 1.16.58).","date":"2021-07-12"}],"impact":[]},{"uuid":"cb1d77d83774be372f8690a0dc6c571803539fc1982333ff902bd9ef3ae88993","name":"UpdraftPlus: WP Backup &amp; 
Migration Plugin [updraftplus] < 1.9.51","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.9.51","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"52c33720758750dfbffdf911345d439a76584425","name":"WordPress UpdraftPlus Plugin <= 1.9.50 - Privilege Escalation","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/updraftplus\/vulnerability\/wordpress-updraftplus-plugin-1-9-50-privilege-escalation","description":"This plugin is prone to a privilege escalation vulnerability.\nUpgrade the plugin.","date":"2015-02-03"}],"impact":[]},{"uuid":"98fe49343dfe4548988db9d233d7eda2d4d2ad72a57797987665b19c5b4757c9","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.9.6.4","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.9.6.4","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"39a716700eeab3b79bd7ad1ce2502b12c39edbdf","name":"WordPress UpdraftPlus Backup & Restoration Plugin <= 1.9.6.3 - Cross Site Scripting","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/updraftplus\/vulnerability\/wordpress-updraftplus-backup-restoration-plugin-1-9-6-3-cross-site-scripting","description":"This plugin is prone to a cross site scripting vulnerability, because of the misuse of the add_query_arg() and remove_query_arg() functions.\nUpdate the plugin.","date":"2015-04-20"}],"impact":[]},{"uuid":"4fbde90bf1ca73ea270c0451bdc41a565aa585d98120f6f04b5c88b76d7b1ca2","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.16.59","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.16.59","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"6f962e2f7646182e368e866ff700901f550c8ff9","name":"UpdraftPlus < 1.16.59 - Authenticated (Admin+) Local File 
Inclusion","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/updraftplus\/updraftplus-11659-authenticated-admin-local-file-inclusion","description":"The UpdraftPlus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.16.56 via the updraft_service settings. This makes it possible for authenticated attackers, with administrator-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","date":"2021-07-12"}],"impact":[]},{"uuid":"29a474d946c0efb971799f5033826a1fd9ab909d59958d3995c57e3368df09b2","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.16.59","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.16.59","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"afac65c6-b67a-4bc4-876f-5610037de24e","name":"UpdraftPlus &lt; 1.16.59 - Admin+ Local File Inclusion","link":"https:\/\/wpscan.com\/vulnerability\/afac65c6-b67a-4bc4-876f-5610037de24e","description":"The plugin did not validate its updraft_service settings, and using the user supplied value to include the related file, leading to a Local File Inclusion issue","date":null}],"impact":[]},{"uuid":"92afc7a45f4d655557f1582a6384ada5bbfa06375348bdffae923d69e80c1ea6","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.9.6.4","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.9.6.4","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"df8a444ab53684e2318a7f37fa6896887b2962da","name":"UpdraftPlus WordPress Backup <= 1.9.6.3 - Cross-Site 
Scripting","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/updraftplus\/updraftplus-wordpress-backup-1963-cross-site-scripting","description":"The UpdraftPlus WordPress plugin for WordPress is vulnerable to Cross-Site Scripting via the 'add_query_arg()' and 'remove_query_arg()' functions in versions up to, and including, 1.9.6.3 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.","date":"2015-04-20"}],"impact":[]},{"uuid":"48e52c8a0c821fdf656a8c4222d1a9aef957e1b389375da001c3c4d3eee11df6","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.9.51","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.9.51","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"f5d81bf72f8998bdfc29c059cd95683979b01257","name":"UpdraftPlus WordPress Backup Plugin <= 1.9.50 - Nonce Leak to Authorization Bypass","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/updraftplus\/updraftplus-wordpress-backup-plugin-1950-nonce-leak-to-authorization-bypass","description":"The UpdraftPlus WordPress Backup Plugin for WordPress is vulnerable to nonce leak which leads to authorization bypass in versions up to, and including, 1.9.50. This is due to incorrect use of several 'admin_action_' hooks. 
This makes it possible for authenticated attackers to arbitrarily upload files, download backups and retrieve secret keys.","date":"2015-02-03"}],"impact":[]},{"uuid":"b12b946beb1d62756a87e635ab59687742eaf4be01831bab7f1de8c3df978de6","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.23.1","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.23.1","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"187be3fe73faadeab9718fdd6f3d7614601d13c4","name":"Updraft Plus <= 1.22.24 - Information Disclosure via updraft_ajaxrestore","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/updraftplus\/updraft-plus-12224-cross-site-request-forgery-via-updraft-ajaxrestore","description":"The Updraft Plus plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 1.22.24. This is due to the fact that the 'updraft_ajaxrestore' function generates a log file containing system configuration information. 
This makes it possible for unauthenticated attackers to trigger generation of such a log file, though it is only possible to access it on configurations that do not respect the \"deny from all\" directive.","date":"2023-03-08"}],"impact":[]},{"uuid":"f024881a8f3076f8886cae313494a35502ef3f387950658b5448909bfe31fcee","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.23.1","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.23.1","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"c4d2fbe669e27a54b83a51433b1f111156db8140","name":"WordPress  UpdraftPlus Plugin  <= 1.22.24 is vulnerable to Cross Site Request Forgery (CSRF)","link":"https:\/\/patchstack.com\/database\/vulnerability\/updraftplus\/wordpress-updraft-plus-plugin-1-22-24-cross-site-request-forgery-vulnerability","description":"Update the WordPress MainWP UpdraftPlus Extension plugin to the latest available version (at least 1.23.1).\nUnknown discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress UpdraftPlus Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. For example a password change which will then allow the malicious actor to login into the admin account. 
This vulnerability has been fixed in version 1.23.1.","date":"2023-03-09"}],"impact":[]},{"uuid":"e92602f78438ccd59ab3ba0320b24854fae302821e7ba0bc85054a2ac67ceb7f","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] >= 1.22.14 - <= 1.23.2","description":null,"operator":{"min_version":"1.22.14","min_operator":"ge","max_version":"1.23.2","max_operator":"le","unfixed":"0","closed":"0"},"source":[{"id":"7cce6805df504a0c665f59d5e17dd9cfab268eda","name":"UpdraftPlus 1.22.14 to 1.23.2 and UpdraftPlus (Premium) 2.22.14 to 2.23.2 - Privilege Escalation via updraft_central_ajax_handler","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/updraftplus\/updraft-plus-12214-to-1232-privilege-escalation-via-updraft-central-ajax-handler","description":"The UpdraftPlus plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the 'updraft_central_ajax_handler' function in versions from 1.22.14 to 1.23.2 inclusive, and 2.22.14 to 2.23.2 of the premium version. 
This allows authenticated attackers, with subscriber-level permissions or above, to update the plugin's settings in such a way that can allow them to perform administrator-level actions on some sites.","date":"2023-03-16"}],"impact":[]},{"uuid":"8057ee50410dc4e1ecf90066c8a5d39ccd70c96dcbf5433ed77f9dc042ef0b1f","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] >= 1.22.14 - <= 1.23.2","description":null,"operator":{"min_version":"1.22.14","min_operator":"ge","max_version":"1.23.2","max_operator":"le","unfixed":"0","closed":"0"},"source":[{"id":"ea60cb24ec4a2ac47c31bb4da5e6cd1e152df830","name":"WordPress  UpdraftPlus Plugin  1.22.14-1.23.2 is vulnerable to Broken Access Control","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/updraftplus\/vulnerability\/wordpress-updraftplus-plugin-1-22-14-1-23-2-broken-access-control-vulnerability","description":"Update the WordPress UpdraftPlus plugin to the latest available version (at least 1.23.3).\nAn unknown person discovered and reported this Broken Access Control vulnerability in WordPress UpdraftPlus Plugin.  
This vulnerability has been fixed in version 1.23.3.","date":"2023-03-16"}],"impact":[]},{"uuid":"555fd61b91e3a60fca1542a05232f4f87c31869f989ea66a27f947188dd5ebbc","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] >= 2.22.14 - <= 2.23.2","description":null,"operator":{"min_version":"2.22.14","min_operator":"ge","max_version":"2.23.2","max_operator":"le","unfixed":"0","closed":"0"},"source":[{"id":"32c29b79fa151bdb524cda6ced77af3829913797","name":"WordPress  UpdraftPlus Plugin  2.22.14-2.23.2 is vulnerable to Broken Access Control","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/updraftplus\/vulnerability\/wordpress-updraftplus-pro-plugin-2-22-14-2-23-2-broken-access-control-vulnerability","description":"Update the WordPress UpdraftPlus PRO plugin to the latest available version (at least 2.23.3).\nAn unknown person discovered and reported this Broken Access Control vulnerability in WordPress UpdraftPlus Plugin.  This vulnerability has been fixed in version 2.23.3.","date":"2023-03-16"}],"impact":[]},{"uuid":"7ab828d4e07aee201e295e9b0bd5ae19d79c440787088e1151573f429bdaee97","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.23.4","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.23.4","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2023-32960","name":"CVE-2023-32960","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-32960","description":"[en] Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <=\u00a01.23.3 versions leads to sitewide Cross-Site Scripting (XSS).","date":"2023-06-22"},{"id":"52b5c27e588ace2b58ca6826dbe0b53ce20d905b","name":"WordPress  UpdraftPlus Plugin  <= 1.23.3 is vulnerable to Cross Site Request Forgery 
(CSRF)","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/updraftplus\/vulnerability\/wordpress-updraftplus-plugin-1-23-3-csrf-lead-to-wp-admin-site-wide-xss-vulnerability","description":"Update the WordPress UpdraftPlus plugin to the latest available version (at least 1.23.4).\nRafie Muhammad (Patchstack) discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress UpdraftPlus Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 1.23.4.","date":"2023-05-18"},{"id":"354cc99849ab8b6e2e6b8d2dcd596ffb71da9881","name":"UpdraftPlus <= 1.23.3 - Cross-Site Request Forgery to Cross-Site Scripting via action_authenticate_storage","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/updraftplus\/updraftplus-1233-cross-site-request-forgery-to-cross-site-scripting-via-action-authenticate-storage","description":"The UpdraftPlus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.23.3. This is due to missing or incorrect nonce validation on the action_authenticate_storage function. 
This makes it possible for unauthenticated attackers to inject JavaScript into a parameter in the authentication process via a forged request which will execute in their browser at another part of the process, granted they can trick a site administrator into performing multiple actions including re-authenticating a connection to storage.","date":"2023-05-18"},{"id":"eb9f67b9-1956-4485-a007-1eb932288200","name":"UpdraftPlus &lt; 1.23.4 - CSRF","link":"https:\/\/wpscan.com\/vulnerability\/eb9f67b9-1956-4485-a007-1eb932288200","description":"The plugin does not have CSRF check in the action_authenticate_storage, which could allow attackers to make logged in admins inject JavaScript into a parameter in the authentication process via a CSRF attack when they can trick an admin to perform multiple actions including re-authenticating a connection to a storage.","date":null}],"impact":{"cvss":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:L","av":"n","ac":"l","pr":"n","ui":"r","s":"c","c":"l","i":"l","a":"l","score":"7.1","severity":"h","exploitable":"0.0","impact":"0.0"},"cwe":[{"cwe":"CWE-352","name":"Cross-Site Request Forgery (CSRF)","description":"The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor."}]}},{"uuid":"2924c420eb2771c496e505467f964f82595deffd8943f45f5ee5204533578e90","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.23.1","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.23.1","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"89aa8b548b68d124cf0bc0fc5ce46824512093c4","name":"WordPress  UpdraftPlus Plugin  <= 1.22.24 is vulnerable to Sensitive Data 
Exposure","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/updraftplus\/vulnerability\/wordpress-updraft-plus-plugin-1-22-24-sensitive-data-exposure-vulnerability","description":"Update the WordPress UpdraftPlus Extension plugin to the latest available version (at least 1.23.1).\nUnknown discovered and reported this Sensitive Data Exposure vulnerability in WordPress UpdraftPlus Plugin.  This vulnerability has been fixed in version 1.23.1.","date":"2023-03-09"}],"impact":[]},{"uuid":"a11ef97193aa2adad85090b11b8ff796e3f6252040497333ba25851db106fa1b","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.23.11","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.23.11","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2023-5982","name":"CVE-2023-5982","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-5982","description":"[en] The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' action used to update Google Drive remote storage location. This makes it possible for unauthenticated attackers to modify the Google Drive location that backups are sent to via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 
This can make it possible for attackers to receive backups for a site which may contain sensitive information.","date":"2023-11-07"},{"id":"3c03d0dca2e71abbfb9fcfb5aad089c7592f31ca","name":"UpdraftPlus <= 1.23.10 - Cross-Site Request Forgery to Google Drive Storage Update","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/updraftplus\/updraftplus-12310-cross-site-request-forgery-to-google-drive-storage-update","description":"The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' action used to update Google Drive remote storage location. This makes it possible for unauthenticated attackers to modify the Google Drive location that backups are sent to via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can make it possible for attackers to receive backups for a site which may contain sensitive information.","date":"2023-11-07"},{"id":"92496302b2fde2b95563d2a22dcaf6ba6a6db458","name":"WordPress  UpdraftPlus Plugin  <= 1.23.10 is vulnerable to Cross Site Request Forgery (CSRF)","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/updraftplus\/vulnerability\/wordpress-updraftplus-plugin-1-23-10-cross-site-request-forgery-to-google-drive-storage-update-vulnerability","description":"Update the WordPress UpdraftPlus plugin to the latest available version (at least 1.23.11).\nNicolas Decayeux discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress UpdraftPlus Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. 
This vulnerability has been fixed in version 1.23.11.","date":"2023-11-07"},{"id":"4be35cd3-4a39-4223-8ff4-35b542224b54","name":"UpdraftPlus: WordPress Backup &amp; Migration &lt; 1.23.11 - Google Drive Storage Update via CSRF","link":"https:\/\/wpscan.com\/vulnerability\/4be35cd3-4a39-4223-8ff4-35b542224b54","description":"The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the &#039;updraftmethod-googledrive-auth&#039; action used to update Google Drive remote storage location. This makes it possible for unauthenticated attackers to modify the Google Drive location that backups are sent to via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can make it possible for attackers to receive backups for a site which may contain sensitive information.","date":null}],"impact":{"cvss":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:L\/I:L\/A:N","av":"n","ac":"l","pr":"n","ui":"r","s":"u","c":"l","i":"l","a":"n","score":"5.4","severity":"m","exploitable":"0.0","impact":"0.0"},"cwe":[{"cwe":"CWE-352","name":"Cross-Site Request Forgery (CSRF)","description":"The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor."}]}},{"uuid":"4c9b147c196372527ccf7e94b5952f73cf4e17c80a411ca4485ffb2e364bc161","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.24.12","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.24.12","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2024-10957","name":"CVE-2024-10957","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-10957","description":"[en] The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress 
is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. An administrator must perform a search and replace action to trigger the exploit.","date":"2025-01-04"},{"id":"7a8e6b2ca78304f2363524df729c7fa6479d036d","name":"UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/updraftplus\/updraftplus-wp-backup-migration-plugin-12411-unauthenticated-php-object-injection","description":"The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. 
An administrator must perform a search and replace action to trigger the exploit.","date":"2025-01-03"},{"id":"aa00c58cd64428ab8ce572f7194bd9a2e1a8a689","name":"WordPress UpdraftPlus Plugin <= 1.24.11 is vulnerable to PHP Object Injection","link":"https:\/\/patchstack.com\/database\/wordpress\/plugin\/updraftplus\/vulnerability\/wordpress-updraftplus-plugin-1-24-11-unauthenticated-php-object-injection-vulnerability","description":"WordPress UpdraftPlus Plugin <= 1.24.11 is vulnerable to PHP Object Injection\nSoftware: UpdraftPlus\nFixed in version 1.24.12\nAffected Version <= 1.24.11\nCVE: CVE-2024-10957","date":"2025-01-06"}],"impact":{"cvss":{"version":"3.1","vector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H","av":"n","ac":"l","pr":"n","ui":"r","s":"u","c":"h","i":"h","a":"h","score":"8.8","severity":"h","exploitable":"0.0","impact":"0.0"},"cwe":[{"cwe":"CWE-502","name":"Deserialization of Untrusted Data","description":"The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid."}]}},{"uuid":"e52df0e09a48b69fe84dbc912ed1fabee8553e4ebdb43a35d469b30ff7caa0a7","name":"UpdraftPlus: WP Backup &amp; Migration Plugin [updraftplus] < 1.25.1","description":null,"operator":{"min_version":null,"min_operator":null,"max_version":"1.25.1","max_operator":"lt","unfixed":"0","closed":"0"},"source":[{"id":"CVE-2025-0215","name":"CVE-2025-0215","link":"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-0215","description":"","date":null},{"id":"c1724d8ad30a9ad5d305337e56f0fe9edd8362ca","name":"UpdraftPlus - Backup\/Restore <= 1.24.12 - Reflected Cross-Site Scripting","link":"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/updraftplus\/updraftplus-backuprestore-12412-reflected-cross-site-scripting","description":"The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore 
parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an admin user into performing an action such as clicking on a link.","date":"2025-01-15"}],"impact":[]}]},"updated":"1761015369"}