Updraftplus All-in-one Security — known CVE vulnerabilities
Every CVE whose affected-product data names Updraftplus All-in-one Security, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2024-1037 — CVSS 6.1 (medium): The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab'…
CVE-2022-4097 — CVSS 5.3 (medium): The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security…
CVE-2022-4346 — CVSS 5.3 (medium): The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address.
CVE-2023-0156 — CVSS 4.9 (medium): The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an…
CVE-2023-0157 — CVSS 4.8 (medium): The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin…