Cve 2025 0215 . New Features November 2022 Phoenix Security CVE-2025-0215 Vulnerability, Severity 0 N/A, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') This makes it possible for unauthenticated attackers to inject arbitrary web scripts.
Citrix Cve 20254966 David Mcgrath from davidmcgrath.pages.dev
Description CVE-2025-0215 pertains to a Reflected Cross-Site Scripting (XSS) vulnerability found in the UpdraftPlus: WP Backup & Migration Plugin for WordPress Unauthenticated attackers can exploit this flaw by injecting arbitrary web scripts.
Citrix Cve 20254966 David Mcgrath The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can. Unauthenticated attackers can exploit this flaw by injecting arbitrary web scripts.
Source: zigiesyld.pages.dev CVE20250282 AttackerKB , The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping Information Technology Laboratory National Vulnerability DatabaseVulnerabilities
Source: cloudlanhom.pages.dev Cve202520197 Dasie , The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping The root cause stems from insufficient input sanitization and output escaping for the parameters showdata and initiate_restore.
Source: blackcanbu.pages.dev Citrix Cve 20254966 David Mcgrath , This makes it possible for unauthenticated attackers to inject arbitrary web scripts. The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping
Source: stolezenbky.pages.dev Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE202521333, CVE202521334, CVE , This vulnerability affects all versions of the plugin up to and including 1.24.12 Unauthenticated attackers can exploit this flaw by injecting arbitrary web scripts.
Source: fdrobertxct.pages.dev Cve List 2025 Gayla Ceciley , Unauthenticated attackers can exploit this flaw by injecting arbitrary web scripts. This issue arises due to insufficient input sanitization and output escaping in the showdata and initiate_restore parameters
Source: hwsiuskpy.pages.dev CVE202522376 Weak Default Nonce Generation in NetOAuthClient in NetOAuth Package for , The root cause stems from insufficient input sanitization and output escaping for the parameters showdata and initiate_restore. Unauthenticated attackers can exploit this flaw by injecting arbitrary web scripts.
Source: arlenaerz.pages.dev NPM affected by OpenSSL Vulnerabilities CVE20230215, CVE20230286, CVE20224304, CVE2022 , This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can. The root cause stems from insufficient input sanitization and output escaping for the parameters showdata and initiate_restore.
Source: mehliusjfk.pages.dev Microsoft Patch Tuesday, January 2025 Security Update Review Qualys ThreatPROTECT , This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can. CVE-2025-0215 Vulnerability, Severity 0 N/A, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Source: transexssev.pages.dev CVE202523013 Local Privilege Escalation in Yubico pamu2f Before 1.3.1 , Unauthenticated attackers can exploit this flaw by injecting arbitrary web scripts. This issue arises due to insufficient input sanitization and output escaping in the showdata and initiate_restore parameters
Source: wisyouthaus.pages.dev Cve20250215 Minna Sydelle , The root cause stems from insufficient input sanitization and output escaping for the parameters showdata and initiate_restore. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can.
Source: kuriminbmt.pages.dev CVE202242475 ioo0s's blog , The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping CVE-2025-0215 Vulnerability, Severity 0 N/A, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Source: jazzbornfgl.pages.dev [B! security] , This issue arises due to insufficient input sanitization and output escaping in the showdata and initiate_restore parameters Unauthenticated attackers can exploit this flaw by injecting arbitrary web scripts.
Source: bitkoliso.pages.dev CVE202522275 (CVSS 9.3) iTerm2 Patches Critical Security Flaw Exposing User Input and Output , The root cause stems from insufficient input sanitization and output escaping for the parameters showdata and initiate_restore. CVE-2025-0215 Vulnerability, Severity 0 N/A, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Source: pravdauadyb.pages.dev GitHub power1314520/CVE202351385_test 一个验证对CVE202351385 , This vulnerability affects all versions of the plugin up to and including 1.24.12 The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping
Source: elliscfoegs.pages.dev [原创] CVE20192025(水滴) , Unauthenticated attackers can exploit this flaw by injecting arbitrary web scripts. Information Technology Laboratory National Vulnerability DatabaseVulnerabilities
CVE20250282 AttackerKB . Information Technology Laboratory National Vulnerability DatabaseVulnerabilities This vulnerability affects all versions of the plugin up to and including 1.24.12
Cve202520197 Dasie . This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can. This makes it possible for unauthenticated attackers to inject arbitrary web scripts.