CSRF to wp-admin Site Wide XSS in UpdraftPlus Plugin - #CVE-2023-32960
2023-05-20

_If you are a user of the UpdraftPlus plugin, it is important to update to at least version 1.23.4 to protect against a recently discovered vulnerability. This plugin is a popular backup tool for WordPress, with over 3 million active installations. The vulnerability is a CSRF issue that can lead to a stored, site-wide XSS in the wp-admin area. It could allow an unauthenticated attacker to steal sensitive information or escalate privileges on the WordPress site by tricking a privileged user into visiting a malicious URL. The vulnerability was fixed in version 1.23.4 and assigned CVE-2023-32960._

_If you are a Patchstack Developer or Business plan user, you are already protected from this vulnerability. Additionally, you can sign up for the Patchstack Community plan to receive notifications about vulnerabilities as soon as they are disclosed. For plugin developers, Patchstack offers security audit services, and for hosting companies a Threat Intelligence Feed API._

_The vulnerability in UpdraftPlus lies in the `build_authentication_link` function, which constructs and returns an authentication link for certain backup methods. The `$instance_id` variable is concatenated directly into HTML without sanitization, so an attacker who fully controls it can inject markup. The resulting string is returned from `build_authentication_link` and echoed directly, which turns that injection into XSS. `$instance_id` is fetched via `$this->get_instance_id()`, a getter for the `$this->instance_id` property, which is populated by `set_instance_id`. This vulnerability was fixed in version 1.23.4 of the plugin. --Darien Kindlund_

[View Article](https://patchstack.com/articles/csrf-to-wp-admin-site-wide-xss-in-updraftplus-plugin/)
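The unsafe concatenation described above placed next to a hardened form, as an added illustration that is not UpdraftPlus's own code: the function names follow the article, while the class names, the `data-instance` attribute, the `instance_id` request parameter and the nonce action name are assumptions.

```php
<?php
// Added illustration (not UpdraftPlus's code): a stripped-down backup-module class showing
// the unsafe pattern beside a hardened one. Class names, the data attribute, the request
// parameter and the nonce action are hypothetical; function names follow the article.

// Minimal stand-ins so the escaping part runs outside WordPress (WordPress supplies the real ones).
if (!function_exists('esc_attr')) { function esc_attr($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); } }
if (!function_exists('esc_html')) { function esc_html($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); } }

class Backup_Module_Unsafe {
    private $instance_id = '';
    public function set_instance_id($id) { $this->instance_id = $id; }
    public function get_instance_id() { return $this->instance_id; }
    // Unsafe: whatever reached set_instance_id() is concatenated straight into the markup.
    public function build_authentication_link($instance_id, $text) {
        return '<a data-instance="' . $instance_id . '" href="#">' . $text . '</a>';
    }
}

class Backup_Module_Hardened {
    private $instance_id = '';
    public function set_instance_id($id) {
        // Restrict the id to the character set it needs (assumed here: [A-Za-z0-9_-]).
        $this->instance_id = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $id);
    }
    public function get_instance_id() { return $this->instance_id; }
    // Escape for the context each value lands in: attribute value vs. element content.
    public function build_authentication_link($instance_id, $text) {
        return sprintf('<a data-instance="%s" href="#">%s</a>', esc_attr($instance_id), esc_html($text));
    }
}

// Admin-side handler (WordPress only): the nonce check rejects forged cross-site requests
// and the capability check runs before any request input can reach set_instance_id().
function handle_auth_link_request(Backup_Module_Hardened $module) {
    check_admin_referer('example_auth_action');                 // dies on a missing or invalid nonce
    if (!current_user_can('manage_options')) { wp_die('Insufficient privileges'); }
    $module->set_instance_id(isset($_GET['instance_id']) ? wp_unslash($_GET['instance_id']) : '');
    echo $module->build_authentication_link($module->get_instance_id(), 'Authenticate');
}

// Constructed sample input (not from the article): not a valid id, and it carries a quote
// that would close the attribute if written out unescaped.
$sample = 'x" data-other="y';
$unsafe = new Backup_Module_Unsafe();   $unsafe->set_instance_id($sample);
$safe   = new Backup_Module_Hardened(); $safe->set_instance_id($sample);
echo $unsafe->build_authentication_link($unsafe->get_instance_id(), 'Auth'), "\n"; // attribute boundary broken
echo $safe->build_authentication_link($safe->get_instance_id(), 'Auth'), "\n";     // id reduced to xdata-othery, intact markup
```

Run it with `php` to compare the two rendered links; the handler is only meaningful inside a WordPress admin request.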