CVE-2023-32960

7.1 HIGH

📋 TL;DR

This CSRF vulnerability in the UpdraftPlus WordPress Backup Plugin allows attackers to trick authenticated administrators into executing actions they did not intend. When exploited, it can lead to site-wide XSS affecting all users who visit the compromised WordPress admin area. WordPress sites running vulnerable UpdraftPlus versions are affected.

💻 Affected Systems

Products:
  • UpdraftPlus WordPress Backup Plugin
Versions: <= 1.23.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with UpdraftPlus plugin; vulnerability is present in default configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains full control of the WordPress site through admin session hijacking, injects malicious scripts affecting all visitors, and potentially compromises server infrastructure.

🟠 Likely Case

Attacker injects malicious JavaScript into the WordPress admin area, stealing admin credentials or redirecting users to malicious sites.

🟢 If Mitigated

Limited impact with proper CSRF protections and admin awareness; potential for minor script injection but contained by security plugins.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking an authenticated admin into clicking a malicious link; the CSRF-to-XSS chain is well documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.23.4

Vendor Advisory: https://updraftplus.com/updraftplus-security-release-1-23-4/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find UpdraftPlus and click 'Update Now'.
4. Verify the version shows 1.23.4 or higher.

🔧 Temporary Workarounds

Temporary CSRF Protection (all platforms)

Install a WordPress security plugin with CSRF protection, such as Wordfence or iThemes Security.

Admin Session Protection (all platforms)

Implement strict admin session management and log out idle sessions.

🧯 If You Can't Patch

  • Disable UpdraftPlus plugin temporarily and use alternative backup solution
  • Implement web application firewall (WAF) rules to block CSRF attempts targeting UpdraftPlus endpoints

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins > UpdraftPlus version

Check Version:

wp plugin list --name=updraftplus --field=version

Verify Fix Applied:

Confirm UpdraftPlus version is 1.23.4 or higher in WordPress plugins list
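As an added example, not from the advisory or from the UpdraftPlus project: a POSIX shell script that compares the version string reported by the wp-cli command above against the fixed release 1.23.4. The version_lt comparison, the check_site wrapper and the --check flag are this example's own assumptions; version_lt compares dot-separated numeric fields left to right and drops non-digit characters, so a pre-release suffix is ignored rather than making the comparison fail.

```shell
#!/bin/sh
# Added example (not part of the advisory or of UpdraftPlus): decide whether an
# UpdraftPlus version string is still below the fixed release 1.23.4.
# Normally the version comes from:  wp plugin list --name=updraftplus --field=version

FIXED_VERSION="1.23.4"   # first fixed release named in the advisory

# version_lt A B : return 0 (true) if A < B, comparing dot-separated numeric
# fields left to right; missing fields count as 0, non-digits are dropped.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=$(printf '%s' "${a%%.*}" | tr -cd '0-9')
        bi=$(printf '%s' "${b%%.*}" | tr -cd '0-9')
        : "${ai:=0}" "${bi:=0}"
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
    done
    return 1   # versions are equal
}

# is_vulnerable VERSION : return 0 (true) when VERSION is below FIXED_VERSION.
is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_site : hypothetical wrapper that reads the installed version with WP-CLI
# (run from the WordPress root) and exits 1 when the site still needs the update.
check_site() {
    v=$(wp plugin list --name=updraftplus --field=version 2>/dev/null)
    if [ -z "$v" ]; then
        echo "UpdraftPlus not found or WP-CLI unavailable"
        return 2
    fi
    if is_vulnerable "$v"; then
        echo "VULNERABLE: UpdraftPlus $v is below $FIXED_VERSION; update the plugin"
        return 1
    fi
    echo "OK: UpdraftPlus $v is $FIXED_VERSION or newer"
    return 0
}

# Run the live check only when invoked as:  sh check-updraftplus.sh --check
# so the functions can also be sourced without WP-CLI present.
if [ "${1:-}" = "--check" ]; then
    check_site
fi
```

Run it from the WordPress root with --check; an exit code of 1 means the installed version is still in the affected range, 2 means the plugin or WP-CLI could not be found.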

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /wp-admin/admin-ajax.php with updraftplus actions
  • Multiple failed CSRF token validations in security plugin logs

Network Indicators:

  • HTTP requests with suspicious referer headers targeting UpdraftPlus endpoints
  • Unusual traffic patterns to /wp-admin/admin-ajax.php

SIEM Query:

source="wordpress.logs" AND (uri_path="/wp-admin/admin-ajax.php" AND action="updraftplus_*")
