CVE-2022-0864

State: PUBLISHED · Published: 2022-04-04 · Updated: 2024-08-02 · Assigner: WPScan

Description

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.

CWE

CWE-79 — CWE-79 Cross-site Scripting (XSS)

Affected

Unknown / UpdraftPlus WordPress Backup Plugin — v=1.22.9 <1.22.9 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/7337543f-4c2c-4365-aebf-3423e9d2f872 x_refsource_MISC
http://packetstormsecurity.com/files/166631/WordPress-UpdraftPlus-Cross-Site-Scripting.html x_refsource_MISC

Source

cvelistV5-main/cves/2022/0xxx/CVE-2022-0864.json