cbcvebase.

Davidanderson Updraftplus Wp Backup Migration Plugin vulnerabilities

4 known vulnerabilities affecting davidanderson/updraftplus_wp_backup_migration_plugin.

Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2026-10795P1HIGHCVSS 8.1ExploitedPoC≤ 1.26.42026-06-11
CVE-2026-10795 [HIGH] CWE-347 CVE-2026-10795: The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication B The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlus_Remote_Communications_V2::wp_loaded function. This is due to insufficient validation of the remote communications message format, where signature verification can be bypassed and unc
nvd
CVE-2024-10957P3HIGHCVSS 8.8≥ 1.23.8, ≤ 1.24.112025-01-04
CVE-2024-10957 [HIGH] CWE-502 CVE-2024-10957: The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injec The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulner
nvd
CVE-2023-5982P4MEDIUMCVSS 5.4≤ 1.23.102023-11-07
CVE-2023-5982 [MEDIUM] CWE-352 CVE-2023-5982: The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Sit The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' action used to update Google Drive remote storage location.
nvd
CVE-2025-0215P4MEDIUMCVSS 6.1≤ 1.24.122025-01-15
CVE-2025-0215 [MEDIUM] CWE-79 CVE-2025-0215: The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross- The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts
nvd
Davidanderson Updraftplus Wp Backup Migration Plugin vulnerabilities | cvebase