First published: Wed Aug 28 2019(Updated: )
The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Updraftplus Updraftplus | <1.13.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-18593 is a vulnerability in the updraftplus plugin for WordPress that allows for XSS attacks in certain scenarios.
CVE-2017-18593 has a severity rating of medium, with a CVSS score of 6.1.
The updraftplus plugin version up to, but not including, 1.13.5 is affected by CVE-2017-18593.
An attacker can exploit CVE-2017-18593 by controlling a string that is logged to a log file, which can then lead to XSS attacks.
Yes, upgrading to version 1.13.5 or later of the updraftplus plugin for WordPress fixes CVE-2017-18593.