Multiple files contain insufficient output escaping, allowing potential Cross-Site Scripting (XSS) attacks. User-controlled data, exception messages, URLs, and JavaScript contexts were not properly sanitized before output, enabling attackers to inject malicious scripts

This vulnerability affects the following application versions:

  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.4
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.5
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.6
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.7
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.8
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.9
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.10
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.11
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.12
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.13
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.15
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.16
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.1
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.2
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.3
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.4
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.5
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.6
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.7
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.8
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.9
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.10
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.11

Skriv et svar

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *