UpdraftPlus WordPress Backup Plugin

Information

Software Type Plugin
Software Slug updraftplus (view on wordpress.org)
Software Status Active
Software Author davidanderson
Software Website updraftplus.com
Software Downloads 98,193,208
Software Active Installs 3,000,000
Software Record Last Updated June 3, 2023

13 vulnerabilities

7.2
CVE ID Unknown
Jul 12, 2021
Researchers:
6.1
CVE ID Unknown
Apr 20, 2015
Researchers:
Title CVE ID CVSS Researchers Date
UpdraftPlus <= 1.23.3 - Cross-Site Request Forgery to Cross-Site Scripting via action_authenticate_storage CVE-2023-32960 6.1 Rafie Muhammad May 18, 2023
UpdraftPlus 1.22.14 to 1.23.2 and UpdraftPlus (Premium) 2.22.14 to 2.23.2 - Privilege Escalation via updraft_central_ajax_handler 8.8 March 16, 2023
Updraft Plus <= 1.22.24 - Information Disclosure via updraft_ajaxrestore 5.3 March 8, 2023
UpdraftPlus WordPress Backup Plugin < 1.22.9 Reflected Cross-Site Scripting CVE-2022-0864 6.1 Taurus Omar April 7, 2022
UpdraftPlus WordPress Backup Plugin < 1.22.3 - Sensitive Information Disclosure CVE-2022-0633 6.5 Marc-Alexandre Montpas February 17, 2022
UpdraftPlus WordPress Backup Plugin <= 1.16.68 - Reflected Cross-Site Scripting via updraft_restore CVE-2021-25089 6.1 ZhongFu Su December 28, 2021
UpdraftPlus WordPress Backup Plugin <= 1.16.65 - Reflected Cross-Site Scripting CVE-2021-25022 6.1 Krzysztof Zając December 6, 2021
UpdraftPlus < 1.16.59 - Authenticated (Admin+) Local File Inclusion 7.2 July 12, 2021
UpdraftPlus WordPress Backup Plugin < 1.6.59 - Stored Cross-Site Scripting CVE-2021-24423 4.8 FearZzZz May 9, 2021
UpdraftPlus <= 1.9.63 and UpdraftPlus (paid) <= 2.9.63 - Cross-Site Scripting CVE-2015-9360 6.1 September 22, 2020
UpdraftPlus <= 1.13.4 - Stored Cross-Site Scripting CVE-2017-18593 5.4 August 8, 2017
UpdraftPlus WordPress Backup <= 1.9.6.3 - Cross-Site Scripting 6.1 April 20, 2015
UpdraftPlus WordPress Backup Plugin <= 1.9.50 - Nonce Leak to Authorization Bypass 9.9 Marc-Alexandre Montpas February 3, 2015

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation