Known Vulnerabilities for products from Updraftplus

Listed below are 18 of the newest known vulnerabilities associated with the vendor "Updraftplus".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs. Each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2024-1037 | The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting... | Not Provided | 2024-02-07 | 2026-04-08 |
| CVE-2023-32960 | Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.2... | 6.1 - MEDIUM | 2023-06-22 | 2023-06-28 |
| CVE-2023-26530 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paul Kehrer Updraft plugin <= 0.6.1 versions. | 6.1 - MEDIUM | 2023-08-17 | 2023-08-22 |
| CVE-2023-5982 | The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ... | Not Provided | 2023-11-07 | 2026-04-08 |
| CVE-2023-1119 | The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that re... | 6.1 - MEDIUM | 2023-07-10 | 2023-11-07 |
| CVE-2023-0157 | The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to... | 4.8 - MEDIUM | 2023-04-10 | 2023-11-07 |
| CVE-2023-0156 | The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in its settings pages,... | 4.9 - MEDIUM | 2023-04-10 | 2023-11-07 |
| CVE-2022-4346 | The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email... | 5.3 - MEDIUM | 2023-01-23 | 2023-11-07 |
| CVE-2022-4097 | The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypasse... | 5.3 - MEDIUM | 2022-12-12 | 2023-11-07 |
| CVE-2022-0864 | The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval para... | 6.1 - MEDIUM | 2022-04-04 | 2022-04-11 |
| CVE-2022-0633 | The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the require... | 6.5 - MEDIUM | 2022-02-17 | 2022-02-18 |
| CVE-2021-25089 | The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore para... | 6.1 - MEDIUM | 2022-02-01 | 2022-02-04 |
| CVE-2021-25022 | The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and... | 6.1 - MEDIUM | 2022-01-03 | 2022-01-08 |
| CVE-2021-24423 | The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowi... | 4.8 - MEDIUM | 2022-01-24 | 2023-11-07 |
| CVE-2017-18593 | The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log ... | 6.1 - MEDIUM | 2019-08-28 | 2019-08-30 |
| CVE-2017-16871 | ** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_act... | 8.1 - HIGH | 2017-11-17 | 2023-11-07 |
| CVE-2017-16870 | ** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-cont... | 8.1 - HIGH | 2017-11-17 | 2023-11-07 |
| CVE-2015-9360 | The updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 6.1 - MEDIUM | 2019-08-28 | 2019-08-30 |

Known software with vulnerabilities from Updraftplus

| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Updraftplus | Updraftplus | 0.1 |