7.1

CVE-2023-32960

WordPress UpdraftPlus Plugin <= 1.23.3 is vulnerable to Cross Site Request Forgery (CSRF)

UpdraftPlus <= 1.23.3 - Cross-Site Request Forgery to Cross-Site Scripting via action_authenticate_storage

Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS).
Mögliche Gegenmaßnahme
UpdraftPlus: WP Backup & Migration Plugin: Update to version 1.23.4, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
UpdraftplusUpdraftplus SwPlatformwordpress Version <= 1.23.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt UpdraftPlus: WP Backup & Migration Plugin
Version *-1.23.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.108
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
audit@patchstack.com 7.1 2.8 3.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://patchstack.com/database/vulnerability/updraftplus/wordpress-updraftplus-plugin-1-23-3-csrf-lead-to-wp-admin-site-wide-xss-vulnerability?_s_id=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/597f06ac-f9c7-4dcb-bb72-15ed7e9d8ac6
Third Party Advisory