CVE-2022-0633 - Incorrect Authorization vulnerability in Updraftplus

047910
CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, updraftplus, CWE-863

Summary

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 does not properly validate that a user has the required privileges to access a backup's nonce identifier, which may allow any user with an account on the site (such as a subscriber) to download the most recent site and database backup.

Vulnerable Configurations

Part         Description  Count
Application  Updraftplus  2

Common Weakness Enumeration (CWE)