First published: Mon Jan 24 2022
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high-privilege users to set a malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue.
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Updraftplus Updraftplus | <1.16.59 | |
The vulnerability ID is CVE-2021-24423.
The title of the vulnerability is 'The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 does not sanitise its updraft_service settings, allowing high privilege users to set malicious JavaScript payload in it and leading to a Stored Cross-Site Scripting issue'.
The severity of CVE-2021-24423 is medium (4.8).
CVE-2021-24423 affects the UpdraftPlus WordPress Backup Plugin version 1.6.59 and earlier.
The Stored Cross-Site Scripting issue can be exploited by high privilege users setting a malicious JavaScript payload in the updraft_service settings.