Severe WordPress Plug-In UpdraftPlus Bug Threatens Backups
2022-02-18 14:25

The WordPress plug-in "UpdraftPlus" was patched on Wednesday to correct a vulnerability that left sensitive backups at risk, potentially exposing personal information and authentication data.

UpdraftPlus is a tool for creating, restoring and migrating backups for WordPress files, databases, plug-ins and themes.

According to its website, UpdraftPlus is used by more than three million WordPress websites, including those from organizations like Microsoft, Cisco and NASA.

According to a security bulletin posted by UpdraftPlus on Wednesday, the zero day allowed "Any logged-in user on a WordPress installation with UpdraftPlus active to exercise the privilege of downloading an existing backup, a privilege which should have been restricted to administrative users only."

As outlined by WordPress security analysts at Wordfence, the attack starts with the WordPress heartbeat function.

Security flaws in WordPress plug-ins have become the dernier cri in web security in recent months.


News URL

https://threatpost.com/severe-wordpress-plug-in-updraftplus-bug-threatens-backups/178528/

Related vendor

Last 12 months:

VENDOR        #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Wordpress     7            2     95       44     18         159
Updraftplus   4            0     16       2      0          18