Millions of WordPress sites receive a forced update for a plugin vulnerability

TechnoPixel — 3 years ago

30 sec reading time

A WordPress plugin called UpdraftPlus has made database backup downloads available to all users on millions of sites, which should only be for admin users.

READING NOW Millions of WordPress sites receive a forced update for a plugin vulnerability

Millions of WordPress sites recently received a forced update to fix a critical security vulnerability. The vulnerability in a plugin called UpdraftPlus is stated to allow any user to download an existing backup, a privilege that should only be limited to administrative users.

UpdraftPlus vulnerability fixed

UpdraftPlus, a WordPress plugin with over 3 million installs, provides site administrators with backup and restore capabilities, allowing them to store backups in the cloud and restore them with a click.

Automattic security researcher Marc-Alexandre Montpas discovered a vulnerability in the plugin and reported it to UpdraftPlus. Acting on this, the developers released a fix the very next day. UpdraftPlus said that the vulnerability was possible due to missing permission check in the code related to checking the current backup status.

Looking at the statistics provided by WordPress, it is seen that the current version of the plugin, which has more than 3 million active installations, is not received by all sites.

Google released emergency update for Chrome

Added 4 days ago

UpdraftPlus, plugin version number for free version It wants to make sure it’s 1.22.4 or higher or 2.22.4 or higher for premium version.

Home
Internet
Websites News
WordPress plugin created vulnerabilities on millions of sites

Comments

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Millions of WordPress sites receive a forced update for a plugin vulnerability

We have explained the steps that those who will start e-commerce should take at the beginning of their journey: All under one roof with AKINSOFT e-commerce!

Background removal feature with artificial intelligence comes to Instagram

Twitch is loosening its sexual content policy

Twitch Announces That It Will Allow Explicit Broadcasts: Of course, to a certain extent

Leave a Comment