Search Results
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:updraftplus:updraftplus:1.23.10:*:*:*:*:wordpress:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-5982 | The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' action used to update Google Drive remote storage location. This makes it possible for unauthenticated attackers to modify the Google Drive location that backups are sent to via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can make it possible for attackers to receive backups for a site which may contain sensitive information. Published: November 07, 2023; 4:15:14 PM -0500 | V4.0: (not available); V3.1: 5.4 MEDIUM; V2.0: (not available) |