Title: UpdraftPlus WordPress Backup Plugin Vulnerability
Last modified: May 2, 2023

---

# UpdraftPlus WordPress Backup Plugin Vulnerability

 *  Resolved [newcentury2021](https://wordpress.org/support/users/newcentury2021/)
 * (@newcentury2021)
 * [3 years, 1 month ago](https://wordpress.org/support/topic/updraftplus-wordpress-backup-plugin-vulnerability/)
 * Has anyone else received notice about a vulnerability with the UpdraftPlus plugin?
 * VULNERABILITY: Cross Site Scripting (XSS)
 * I received this notice via iThemes Security in their 4/26/23 report
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fupdraftplus-wordpress-backup-plugin-vulnerability%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 1 replies (of 1 total)

 *  Plugin Author [David Anderson / Team Updraft](https://wordpress.org/support/users/davidanderson/)
 * (@davidanderson)
 * [3 years, 1 month ago](https://wordpress.org/support/topic/updraftplus-wordpress-backup-plugin-vulnerability/#post-16707522)
 * That – [https://ithemes.com/blog/wordpress-vulnerability-report-april-26-2023/#vulnerability-11371](https://ithemes.com/blog/wordpress-vulnerability-report-april-26-2023/#vulnerability-11371)–
   is *Updraft*, not *UpdraftPlus*.
 * Updraft – [https://wordpress.org/plugins/updraft/](https://wordpress.org/plugins/updraft/)–
   is a plugin that was last updated 12 years ago (2011), for WordPress 3.1. Last
   time I looked at it a few years ago, it didn’t even load on any modern WordPress
   version (it pre-dates the release of PHP 5.3 !).
 * In my view it’s somewhat irresponsible of people to publish things like that 
   without clarification. On further investigation, it looks like a Patchstack researcher
   first published it – [https://patchstack.com/database/vulnerability/updraft/wordpress-updraft-plugin-0-6-1-cross-site-scripting-xss-vulnerability](https://patchstack.com/database/vulnerability/updraft/wordpress-updraft-plugin-0-6-1-cross-site-scripting-xss-vulnerability).
   Weird.

Viewing 1 replies (of 1 total)

The topic ‘UpdraftPlus WordPress Backup Plugin Vulnerability’ is closed to new replies.

 * ![](https://ps.w.org/updraftplus/assets/icon-256x256.jpg?rev=1686200)
 * [UpdraftPlus: WP Backup & Migration Plugin](https://wordpress.org/plugins/updraftplus/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/updraftplus/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/updraftplus/)
 * [Active Topics](https://wordpress.org/support/plugin/updraftplus/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/updraftplus/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/updraftplus/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [David Anderson / Team Updraft](https://wordpress.org/support/users/davidanderson/)
 * Last activity: [3 years, 1 month ago](https://wordpress.org/support/topic/updraftplus-wordpress-backup-plugin-vulnerability/#post-16707522)
 * Status: resolved