UpdraftPlus < 1.16.69 – Reflected Cross-Site Scripting

Resolved

(@nittygrittytechy)

I am receiving this message from WP Manage. Thought you might like to know since I have your plugin on all my sites.

Description

The plugin does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting

Proof of Concept

The PoC will be displayed on January 11, 2022, to give users the time to update.

The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)

Plugin Author David Anderson / Team Updraft
(@davidanderson)

4 years, 4 months ago

Hi,

That was fixed in UpdraftPlus 1.16.69, released towards the end of December – please update.

David

Viewing 1 replies (of 1 total)

The topic ‘UpdraftPlus < 1.16.69 – Reflected Cross-Site Scripting’ is closed to new replies.