cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2023-32960,https://securityvulnerability.io/vulnerability/CVE-2023-32960,WordPress UpdraftPlus Plugin <= 1.23.3 is vulnerable to Cross Site Request Forgery (CSRF),"Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS).",Wordpress,UpdraftPlus WordPress Backup Plugin,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2023-06-22T13:15:00.000Z,0 CVE-2022-0864,https://securityvulnerability.io/vulnerability/CVE-2022-0864,UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting,"The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.",Wordpress,UpdraftPlus WordPress Backup Plugin,6.1,MEDIUM,0.005510000046342611,false,,false,false,false,,,false,false,,2022-04-04T15:35:53.000Z,0 CVE-2022-0633,https://securityvulnerability.io/vulnerability/CVE-2022-0633,UpdraftPlus Free < 1.22.3 & Premium < 2.22.3 - Subscriber+ Backup Download,"The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup.",Wordpress,"UpdraftPlus WordPress Backup Plugin (Free),UpdraftPlus WordPress Backup Plugin (Premium)",6.5,MEDIUM,0.005880000069737434,false,,false,false,false,,,false,false,,2022-02-17T18:45:11.000Z,0 CVE-2021-25089,https://securityvulnerability.io/vulnerability/CVE-2021-25089,UpdraftPlus < 1.16.69 - Reflected Cross-Site Scripting,"The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting",Wordpress,Updraftplus WordPress Backup Plugin,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,,false,false,,2022-02-01T12:21:37.000Z,0 CVE-2021-24423,https://securityvulnerability.io/vulnerability/CVE-2021-24423,UpdraftPlus < 1.16.59 - Admin+ Stored Cross-Site Scripting,"The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue",Wordpress,Updraftplus WordPress Backup Plugin,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-01-24T08:00:45.000Z,0 CVE-2021-25022,https://securityvulnerability.io/vulnerability/CVE-2021-25022,UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting,"The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues",Wordpress,Updraftplus WordPress Backup Plugin,6.1,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2022-01-03T12:49:15.000Z,0