ByteOS Network

CVE Vulnerability Details :

CVE-2021-25022

PUBLISHED

More Info Official Page

Assigner-WPScan

Assigner Org ID-1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81

Published At-03 Jan, 2022 | 12:49

Updated At-22 May, 2025 | 18:40

▼CVE Numbering Authority (CNA)

UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues

Affected Products

Vendor

Unknown

Product

UpdraftPlus WordPress Backup Plugin

Versions

Affected

From 1.16.66 before 1.16.66 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Cross-site Scripting (XSS)

Credits

Krzysztof Zając

References

Hyperlink	Resource
https://wpscan.com/vulnerability/1801c7ae-2b5c-493f-969d-4bb19a9feb15	x_refsource_MISC
https://plugins.trac.wordpress.org/changeset/2635585/updraftplus	x_refsource_CONFIRM
https://plugins.trac.wordpress.org/changeset/2637112/updraftplus	x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://wpscan.com/vulnerability/1801c7ae-2b5c-493f-969d-4bb19a9feb15	x_refsource_MISC x_transferred
https://plugins.trac.wordpress.org/changeset/2635585/updraftplus	x_refsource_CONFIRM x_transferred
https://plugins.trac.wordpress.org/changeset/2637112/updraftplus	x_refsource_CONFIRM x_transferred

2. CISA ADP Vulnrichment

Metrics

Version	Base score	Base severity	Vector
3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References