cleantalk
Vulnerabilities and Security Researches

Upcasted S3 Offload – AWS S3, Digital Ocean Spaces, Backblaze, Minio and more, CVE-2025-22676

CVE, Research URL

CVE-2025-22676

Home page URL

Security reports for Upcasted S3 Offload – AWS S3, Digital Ocean Spaces, Backblaze, Minio and more

Application

Upcasted S3 Offload – AWS S3, Digital Ocean Spaces, Backblaze, Minio and more

Published on
Feb 17, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in upcasted AWS S3 for WordPress Plugin – Upcasted upcasted-s3-offload allows Stored XSS.This issue affects AWS S3 for WordPress Plugin – Upcasted: from n/a through <= 3.0.3.
Affected versions
max 3.0.4.
Status
vulnerable
Previous vulnerability researches
Upcasted S3 Offload &#8211; AWS S3, Digital Ocean Spaces, Backblaze, Minio and more (CVE-2023-33999) , Jun 14, 2026
Upcasted S3 Offload &#8211; AWS S3, Digital Ocean Spaces, Backblaze, Minio and more (CVE-2025-22676) , Feb 16, 2025
Upcasted S3 Offload &#8211; AWS S3, Digital Ocean Spaces, Backblaze, Minio and more (e0a41fd30c1d6f11ff8044cd3eda45c9415fc691) , Jun 06, 2024
Upcasted S3 Offload &#8211; AWS S3, Digital Ocean Spaces, Backblaze, Minio and more (30be2235708b1e3699af48260235ba12008c971e) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026