Beta

Report

Backup by 10Web – Backup and Restore <= 1.0.20 is vulnerable to Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated
Published
2021-05-22

The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue

CVE

https://www.cve.org/CVERecord?id=CVE-2021-24426

CVSS

Score:5.5

Severity:Medium

Version: 1.0.20

The plugin vendor has not patched this vulnerability at the moment.