Title: Security issues
Last modified: April 20, 2019

---

# Security issues

 *  Resolved [bstras21](https://wordpress.org/support/users/bstras21/)
 * (@bstras21)
 * [7 years ago](https://wordpress.org/support/topic/security-issues-40/)
 * You need to update jQuery UI. You are using jQuery UI – v1.11.4 which in jQuery
   UI before 1.12.0 might allow remote attackers to inject arbitrary web script 
   or HTML via the closeText parameter of the dialog function

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [Nico Marcuz](https://wordpress.org/support/users/nick7766/)
 * (@nick7766)
 * [7 years ago](https://wordpress.org/support/topic/security-issues-40/#post-11449860)
 * thnx for keeping a eye on it.
 *  Plugin Author [David Anderson / Team Updraft](https://wordpress.org/support/users/davidanderson/)
 * (@davidanderson)
 * [7 years ago](https://wordpress.org/support/topic/security-issues-40/#post-11450654)
 * 1) jQuery UI 1.11.4 is shipped as part of WordPress core (`wp-includes/js/jquery/
   ui/core.min.js`), and not under our control (see: [https://core.trac.wordpress.org/ticket/39943](https://core.trac.wordpress.org/ticket/39943)).
 * 2) The UpdraftPlus admin page is only reachable by WP admins, who have total 
   control over the site; they don’t need to find ways to escalate their privileges,
   since they already have complete privileges.
 * David

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Security issues’ is closed to new replies.

 * ![](https://ps.w.org/updraftplus/assets/icon-256x256.jpg?rev=1686200)
 * [UpdraftPlus: WP Backup & Migration Plugin](https://wordpress.org/plugins/updraftplus/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/updraftplus/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/updraftplus/)
 * [Active Topics](https://wordpress.org/support/plugin/updraftplus/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/updraftplus/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/updraftplus/reviews/)

 * 2 replies
 * 3 participants
 * Last reply from: [David Anderson / Team Updraft](https://wordpress.org/support/users/davidanderson/)
 * Last activity: [7 years ago](https://wordpress.org/support/topic/security-issues-40/#post-11450654)
 * Status: resolved