Lucene search
HistoryJun 22, 2023 - 1:15 p.m.
CVE-2023-32960
cve-2023-32960
csrf
vulnerability
updraftplus.com
xss
nvd
wordpress backup plugin
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
0.0005 Low
EPSS
Percentile
17.4%
Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <=Β 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS).
Affected configurations
Node
updraftplus.com\,_davidandersonupdraftplus_wordpress_backup_pluginRangeβ€1.23.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| updraftplus:updraftplus | updraftplus | le | 1.23.3 |
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "updraftplus",
"product": "UpdraftPlus WordPress Backup Plugin",
"vendor": "UpdraftPlus.Com, DavidAnderson",
"versions": [
{
"changes": [
{
"at": "1.23.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.23.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
prion
prion
Cross site request forgery (csrf)
2023-06-22 13:15:00
openvas
openvas
WordPress UpdraftPlus Plugin < 1.23.4 CSRF Vulnerability
2023-07-10 00:00:00
nvd
nvd
CVE-2023-32960
2023-06-22 13:15:10
wpvulndb
wpvulndb
UpdraftPlus < 1.23.4 - CSRF
2023-05-18 00:00:00
cvelist
cvelist
thn
thn
wordfence
wordfence
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
0.0005 Low
EPSS
Percentile
17.4%
Related for CVE-2023-32960