Every CVE whose affected-product data names Updraftplus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2017-16871 — CVSS 8.1 (high): The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in…
CVE-2017-16870 — CVSS 8.1 (high): The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin…
CVE-2022-0633 — CVSS 6.5 (medium): The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges…
CVE-2022-0864 — CVSS 6.1 (medium): The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before…
CVE-2015-9360 — CVSS 6.1 (medium): The updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2017-18593 — CVSS 6.1 (medium): The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file.
CVE-2021-25022 — CVSS 6.1 (medium): The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id…
CVE-2021-25089 — CVSS 6.1 (medium): The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore parameter before…
CVE-2023-5982 — CVSS 5.4 (medium): The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up…
CVE-2021-24423 — CVSS 4.8 (medium): The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high…