Millions of WordPress sites recently received a forced update to fix a critical security vulnerability. The vulnerability, in a plugin called UpdraftPlus, reportedly allows any user to download an existing backup, a privilege that should be limited to administrative users.
UpdraftPlus vulnerability fixed
UpdraftPlus, a WordPress plugin with over 3 million installs, provides site administrators with backup and restore capabilities, allowing them to store backups in the cloud and restore them with a click.
Automattic security researcher Marc-Alexandre Montpas discovered a vulnerability in the plugin and reported it to UpdraftPlus. Acting on this, the developers released a fix the very next day. UpdraftPlus said that the vulnerability was possible due to a missing permission check in the code related to checking the current backup status.
Statistics provided by WordPress show that not all sites have received the current version of the plugin, which has more than 3 million active installations.
UpdraftPlus wants users to make sure the plugin version number is 1.22.4 or higher for the free version, or 2.22.4 or higher for the premium version.