The plugin emits several PHP-generated values directly into HTML and inline JavaScript contexts without applying context-appropriate escaping, allowing attacker-influenced data to break out of the surrounding string or markup and execute arbitrary script in an authenticated user’s browser. Affected sinks include option keys and values rendered into an admin table via htmlspecialchars() (which is not charset-aware and is weaker than WordPress’s esc_html()), as well as URLs and nonces interpolated into inline onclick handlers without esc_js(), leaving the JavaScript string literal vulnerable to quote- or backslash-based breakout. Exploitation requires that a value reaching one of these sinks be controllable by a lower-privileged user or external input, after which a logged-in administrator viewing the affected page would trigger script execution in their session context.

This vulnerability affects the following application versions:

  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.7
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.8
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.9
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.10
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.11
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.12
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.13
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.15
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.16
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.1
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.2
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.3
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.4
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.5
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.6
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.7
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.8
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.9
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.10
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.11

Skriv et svar

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *