CVE-2023-5982
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2023-5982 is a vulnerability affecting the UpdraftPlus: WordPress Backup & Migration Plugin. Versions up to and including 1.23.10 are susceptible to Cross-Site Request Forgery. The issue arises due to a lack of nonce validation and insufficient validation of the instance_id during the 'updraftmethod-googledrive-auth' action. With this weakness, unauthenticated attackers can manipulate the Google Drive remote storage location for backups, potentially gaining access to sensitive information by tricking site administrators into performing a specific action, such as clicking a malicious link.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- UpdraftPlus
Affected Vendors
- Updraftplus
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions