WordPress Plugin Vulnerabilities

UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues

Proof of Concept

https://example.com/wp-admin/options-general.php?page=updraftplus&backup_timestamp=%3Cscript%3Ealert%28/XSS/%29%3B%3C%2Fscript%3E&action=updraft_restore

Affects Plugins

Plugin icon
updraftplus
Fixed in 1.16.66

References

CVE
CVE-2021-25022
URL
https://plugins.trac.wordpress.org/changeset/2635585/updraftplus
URL
https://plugins.trac.wordpress.org/changeset/2637112/updraftplus

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
1801c7ae-2b5c-493f-969d-4bb19a9feb15

Timeline

Publicly Published
2021-12-06 (about 2 years ago)
Added
2021-12-06 (about 2 years ago)
Last Updated
2022-04-11 (about 2 years ago)

Other

Published
Title
Published
2016-07-19
Title
WooCommerce <= 2.6.2 - Authenticated Cross-Site Scripting (XSS)
Published
2015-08-26
Title
Role Scoper <= 1.3.64 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2024-04-19
Title
reCAPTCHA Jetpack <= 0.2.2 - Stored XSS via CSRF
Published
2014-06-12
Title
WP Restful <= 0.1 - Multiple XSS
Published
2024-04-30
Title
EventON < 2.2.15 - Admin+ Stored XSS