WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress UpdraftPlus Backup Plugin in versions prior to 1.16.69. The vulnerability stems from the failure to escape the updraft_restore parameter and can be exploited by attackers to The vulnerability is caused by the lack of escaping the updraft_restore parameter, which can be exploited to execute JavaScript code on the client side.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress updraftplus backup plugin | lt | 1.16.69 |