cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-5982,https://securityvulnerability.io/vulnerability/CVE-2023-5982,Cross-Site Request Forgery Vulnerability in UpdraftPlus Backup Plugin for WordPress,"The UpdraftPlus Backup & Migration plugin for WordPress is affected by a Cross-Site Request Forgery vulnerability due to inadequate nonce validation and insufficient verification of the instance_id in the 'updraftmethod-googledrive-auth' action. An unauthenticated attacker can trick a site administrator into clicking a malicious link, enabling them to alter the Google Drive backup destination. This could lead to the attacker receiving backups that may contain sensitive site information, putting the site's security at significant risk.",Wordpress,UpdraftPlus: WordPress Backup & Migration Plugin,5.4,MEDIUM,0.0005099999834783375,false,,false,false,false,,false,false,2023-11-07T21:15:00.000Z,0
CVE-2023-32960,https://securityvulnerability.io/vulnerability/CVE-2023-32960,WordPress UpdraftPlus Plugin <= 1.23.3 is vulnerable to Cross Site Request Forgery (CSRF),"Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS).",Wordpress,UpdraftPlus WordPress Backup Plugin,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2023-06-22T13:15:00.000Z,0
CVE-2022-0864,https://securityvulnerability.io/vulnerability/CVE-2022-0864,UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting,"The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.",Wordpress,UpdraftPlus WordPress Backup Plugin,6.1,MEDIUM,0.005510000046342611,false,,false,false,false,,false,false,2022-04-04T15:35:53.000Z,0
CVE-2022-0633,https://securityvulnerability.io/vulnerability/CVE-2022-0633,UpdraftPlus Free < 1.22.3 & Premium < 2.22.3 - Subscriber+ Backup Download,"The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup.",Wordpress,"UpdraftPlus WordPress Backup Plugin (Free),UpdraftPlus WordPress Backup Plugin (Premium)",6.5,MEDIUM,0.004579999949783087,false,,false,false,false,,false,false,2022-02-17T18:45:11.000Z,0
CVE-2021-25089,https://securityvulnerability.io/vulnerability/CVE-2021-25089,UpdraftPlus < 1.16.69 - Reflected Cross-Site Scripting,"The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting",Wordpress,Updraftplus WordPress Backup Plugin,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2022-02-01T12:21:37.000Z,0
CVE-2021-24423,https://securityvulnerability.io/vulnerability/CVE-2021-24423,UpdraftPlus < 1.16.59 - Admin+ Stored Cross-Site Scripting,"The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue",Wordpress,Updraftplus WordPress Backup Plugin,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-01-24T08:00:45.000Z,0
CVE-2021-25022,https://securityvulnerability.io/vulnerability/CVE-2021-25022,UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting,"The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues",Wordpress,Updraftplus WordPress Backup Plugin,6.1,MEDIUM,0.0008500000112690032,false,,false,false,false,,false,false,2022-01-03T12:49:15.000Z,0