CVE-2021-25022

State: PUBLISHED · Published: 2022-01-03 · Updated: 2025-05-22 · Assigner: WPScan

Description

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues

CWE

CWE-79 — CWE-79 Cross-site Scripting (XSS)

Affected

Unknown / UpdraftPlus WordPress Backup Plugin — v=1.16.66 <1.16.66 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/1801c7ae-2b5c-493f-969d-4bb19a9feb15 x_refsource_MISC
https://plugins.trac.wordpress.org/changeset/2635585/updraftplus x_refsource_CONFIRM
https://plugins.trac.wordpress.org/changeset/2637112/updraftplus x_refsource_CONFIRM

Source

cvelistV5-main/cves/2021/25xxx/CVE-2021-25022.json