CVE-2023-5982

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 7, 2023
Updated: Nov 15, 2023
CWE ID 352

Summary

CVE-2023-5982 is a Cross-Site Request Forgery (CSRF) vulnerability (CWE-352) in the UpdraftPlus: WordPress Backup & Migration Plugin for WordPress, affecting all versions up to and including 1.23.10.

The vulnerability is due to a lack of nonce validation and insufficient validation of the instance_id on the 'updraftmethod-googledrive-auth' action. This allows unauthenticated attackers to modify the Google Drive location where backups are sent, potentially allowing them to receive backups containing sensitive information.

The base severity of this vulnerability is rated as MEDIUM, with an exploitability score of 2.8 out of 10. The impact score is 2.5 out of 10, indicating low integrity and confidentiality impacts.

Remediation should involve updating to a version that includes the necessary nonce validation and instance_id validation for the 'updraftmethod-googledrive-auth' action.
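The two checks the summary names (nonce validation and instance_id validation), sketched as an added example; this is not UpdraftPlus or WordPress code. The secret, session shape, instance IDs and nonce format are constructed assumptions that model a request handler for the 'updraftmethod-googledrive-auth' action.

```python
import hashlib
import hmac
import time

ACTION = "updraftmethod-googledrive-auth"  # action name from the advisory
SECRET = b"constructed-demo-secret"        # constructed; stands in for a per-site secret
NONCE_LIFETIME = 3600                      # assumed lifetime, in seconds
CONFIGURED_INSTANCES = {"gdrive-a1b2c3"}   # constructed: instances the admin set up


def _tag(session_id, instance_id, ts):
    # Bind the token to the action, the admin session and the storage instance.
    msg = f"{ACTION}|{session_id}|{instance_id}|{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_nonce(session_id, instance_id, now=None):
    """Issue a nonce when the settings page is rendered for an admin."""
    ts = int(time.time() if now is None else now)
    return f"{ts}.{_tag(session_id, instance_id, ts)}"


def nonce_is_valid(nonce, session_id, instance_id, now=None):
    """True only for an unexpired nonce issued to this session and instance."""
    try:
        ts_text, tag = nonce.split(".", 1)
        ts = int(ts_text)
    except (AttributeError, ValueError):
        return False  # missing or malformed nonce
    current = int(time.time() if now is None else now)
    if not 0 <= current - ts <= NONCE_LIFETIME:
        return False
    return hmac.compare_digest(_tag(session_id, instance_id, ts).encode(), tag.encode())


def handle_auth_request(params, session):
    """Return (accepted, reason); every check must pass before settings change."""
    if params.get("action") != ACTION:
        return False, "wrong action"
    if not session or not session.get("is_admin"):
        return False, "not an authenticated administrator"
    instance_id = params.get("instance_id", "")
    if instance_id not in CONFIGURED_INSTANCES:
        return False, "unknown instance_id"
    if not nonce_is_valid(params.get("nonce"), session.get("id", ""), instance_id):
        return False, "missing or invalid nonce"
    return True, "ok"
```

A request that arrives with a valid administrator session but no nonce, which is the cross-site case CWE-352 describes, is rejected before any storage setting is touched.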
