UpdraftPlus: WP Backup & Migration Plugin

Vulnerabilities: 26 | Slug: updraftplus | Latest version: 1.26.4

Minimum safe version

1.25.1

Update to 1.25.1 or later to address 21 fixable vulnerabilities

Latest available: 1.26.4 | Affected up to: 2.23.2
Medium 6.1
2025-01-15 | < 1.25.1

UpdraftPlus - Backup/Restore <= 1.24.12 - Reflected Cross-Site Scripting

High 8.8
2025-01-06 | < 1.24.12

WordPress UpdraftPlus Plugin <= 1.24.11 is vulnerable to PHP Object Injection

N/A
2023-03-09 | < 1.23.1

WordPress UpdraftPlus Plugin <= 1.22.24 is vulnerable to Sensitive Data Exposure

N/A
2023-03-16 | ≥ 2.22.14 and ≤ 2.23.2

WordPress UpdraftPlus Plugin 2.22.14-2.23.2 is vulnerable to Broken Access Control

N/A
2023-03-16 | ≥ 1.22.14 and ≤ 1.23.2

WordPress UpdraftPlus Plugin 1.22.14-1.23.2 is vulnerable to Broken Access Control

N/A
2023-03-16 | ≥ 1.22.14 and ≤ 1.23.2

UpdraftPlus 1.22.14 to 1.23.2 and UpdraftPlus (Premium) 2.22.14 to 2.23.2 - Privilege Escalation via updraft_central_ajax_handler

N/A
2023-03-09 | < 1.23.1

WordPress UpdraftPlus Plugin <= 1.22.24 is vulnerable to Cross Site Request Forgery (CSRF)

N/A
2023-03-08 | < 1.23.1

Updraft Plus <= 1.22.24 - Information Disclosure via updraft_ajaxrestore

N/A
2015-02-03 | < 1.9.51

UpdraftPlus WordPress Backup Plugin <= 1.9.50 - Nonce Leak to Authorization Bypass

N/A
2015-04-20 | < 1.9.6.4

UpdraftPlus WordPress Backup <= 1.9.6.3 - Cross-Site Scripting

N/A
< 1.16.59

UpdraftPlus < 1.16.59 - Admin+ Local File Inclusion

N/A
2021-07-12 | < 1.16.59

UpdraftPlus < 1.16.59 - Authenticated (Admin+) Local File Inclusion

N/A
2015-04-20 | < 1.9.6.4

WordPress UpdraftPlus Backup & Restoration Plugin <= 1.9.6.3 - Cross Site Scripting

N/A
2015-02-03 | < 1.9.51

WordPress UpdraftPlus Plugin <= 1.9.50 - Privilege Escalation

N/A
2021-07-12 | < 1.16.59

WordPress UpdraftPlus plugin <= 1.16.58 - Local File Inclusion (LFI) vulnerability

High 8.1
2017-11-17 | ≤ 1.13.12

CVE-2017-16870

High 8.1
2017-11-17 | ≤ 1.13.12

CVE-2017-16871

Medium 6.1
2020-09-22 | < 1.9.64

UpdraftPlus <= 1.9.63 and UpdraftPlus (paid) <= 2.9.63 - Cross-Site Scripting