views
A serious vulnerability has been found in WordPress plugin with over 3 million installations, that may have allowed logged-in users, including subscriber-level users, to download backups made with the plugin.
Backups are a treasure trove of sensitive information. UpdraftPlus, a WordPress plugin with over 3 million installations, updated with a security fix on Thursday for a vulnerability discovered by security researcher Marc Montpas.
Also read: Boy, 14, Dies By Suicide Over Garena Free Fire: What Is The Game, Why Is It Banned And Can You Still Play It?
“UpdraftPlus is a popular back-up plugin for WordPress sites and as such it is expected that the plugin would allow you to download your backups," said the Wordfence Threat Intelligence team.
One of the features that the plugin implemented was the ability to send back-up download links to an email of the site owner’s choice.
Also read: Samsung Galaxy S22 Series Pre-Book Offers For India Announced: All Details
“Unfortunately, this functionality was insecurely implemented making it possible for low-level authenticated users like subscribers to craft a valid link that would allow them to download backup files," Wordfence explained in a blog post.
Successfully exploiting this vulnerability would take an attacker with an active account on the target system.
“We urge all users running the UpdraftPlus plugin to update to the latest version of the plugin as soon as possible, if you have not already done so, since the consequences of a successful exploit would be severe," Wordfence said.
Watch Video: OnePlus 9 RT Review: At Rs 42,999, You Are Getting A Reliable Flagship Experience
“This vulnerability was patched in version 1.22.3 of UpdraftPlus, and as such we strongly encourage you to verify that your site is running the most up to date version of the plugin and updating immediately if it is not".
Read all the Latest Tech News and Breaking News here
Comments
0 comment