CVE-2021-25022: UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting
First published: Mon Jan 03 2022(Updated: )
The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Updraftplus Updraftplus | <1.16.66 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-25022?
CVE-2021-25022 is a vulnerability in the UpdraftPlus WordPress Backup Plugin WordPress plugin before version 1.16.66 that allows for Reflected Cross-Site Scripting (XSS) attacks.
How severe is CVE-2021-25022?
CVE-2021-25022 has a severity rating of 6.1 (medium).
What is the affected software?
The affected software is the UpdraftPlus WordPress Backup Plugin WordPress plugin before version 1.16.66.
What is the CWE category for CVE-2021-25022?
The CWE category for CVE-2021-25022 is CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).
How can I fix CVE-2021-25022?
To fix CVE-2021-25022, update the UpdraftPlus WordPress Backup Plugin WordPress plugin to version 1.16.66 or later.
- collector/nvd-index
- agent/softwarecombine
- agent/remedy
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/references
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- vendor/updraftplus
- canonical/updraftplus updraftplus