DataDrivenInvestor
WordPress Plugin With Over 3 Million Installs Has a Vulnerability

slashdotted
Published in DataDrivenInvestor
Feb 19, 2022


Over the past day, millions of WordPress sites have been forced to update in order to patch a severe vulnerability in the backup plugin UpdraftPlus. The flaw allowed low-privilege users to obtain backups of a site, including raw database backups. A site's database commonly holds sensitive information about its users and its security configuration, so the flaw exposed millions of websites to data breaches that could leak password hashes, user details, IP addresses, and other sensitive data. The developers released a fix the next day and arranged for it to be force-installed on WordPress sites that already had the plugin installed. According to WordPress, the plugin has over 3 million active installations.

WordPress.org took the unusual step of pushing a forced update of UpdraftPlus to all sites to remedy a high-severity vulnerability that let any logged-in user, down to the subscriber role, download the site's most recent database backup, which often contains password hashes and personal data (PII). With the plugin active on three million sites, the potential for exploitation was enormous, covering a wide slice of the web, including major platforms. At the time of writing no public proof of concept was known: "At this point in time, (the appearance of a PoC) relies upon a hacker reverse-engineering the changes in the latest UpdraftPlus release to work it out." Diffing a security release against the previous one is routine for attackers, so a forced update is the only practical way to close the window before sites that never update by themselves get exploited. According to WordPress.org download statistics for the plugin, 783,000 installations were upgraded on February 16 and another 1.7 million on February 17. The most recent version at the time of writing is 1.22.4, and you should make sure your site is running it.
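The practical advice above is to confirm that UpdraftPlus is at 1.22.4 or later. The following shell script is an added example, not code from the article or from the UpdraftPlus project: it reads the version from a plugin's main file header and compares it, component by component, against that minimum. It assumes the standard layout of a plugin installed from wordpress.org, where the main file (here wp-content/plugins/updraftplus/updraftplus.php) declares its version in a `Version:` header comment; the sample header it builds is constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the article or from UpdraftPlus): report whether an
# installed copy of UpdraftPlus is at or above the release the article
# recommends. Assumed layout (standard for plugins installed from
# wordpress.org): wp-content/plugins/updraftplus/updraftplus.php, whose header
# comment carries a line such as " * Version: 1.22.2".

MIN_VERSION="1.22.4"   # release the article tells readers to run

# Print the version declared in a plugin main file's header comment.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 when dotted version $1 >= $2, comparing each component numerically,
# so that 1.22.10 ranks above 1.22.4 (a plain string compare gets this wrong).
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# Print "patched", "vulnerable" or "unknown" for the plugin main file at $1.
plugin_status() {
    if [ ! -r "$1" ]; then echo "unknown"; return 0; fi
    v="$(plugin_version "$1")"
    if [ -z "$v" ]; then echo "unknown"; return 0; fi
    if version_ge "$v" "$MIN_VERSION"; then echo "patched"; else echo "vulnerable"; fi
}

# Constructed sample standing in for a site still on a pre-fix release;
# pass a real path as the first argument to check an actual install instead.
SAMPLE_DIR="$(mktemp -d)"
cat > "$SAMPLE_DIR/updraftplus.php" <<'EOF'
<?php
/*
Plugin Name: UpdraftPlus - Backup/Restore
Version: 1.22.2
*/
EOF

TARGET="${1:-$SAMPLE_DIR/updraftplus.php}"
echo "$TARGET: $(plugin_status "$TARGET") (minimum $MIN_VERSION)"
rm -rf "$SAMPLE_DIR"
```

On a single site with WP-CLI available, `wp plugin get updraftplus --field=version` gives the same answer and `wp plugin update updraftplus` applies the fix; the script is for hosts without WP-CLI, or for sweeping many installs straight from the filesystem.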

On Wednesday the UpdraftPlus plugin was patched to close a vulnerability that could have exposed personal information and authentication details stored in backups. UpdraftPlus is a backup solution for WordPress files, databases, plugins, and themes that lets site owners create, restore, and migrate backups. According to its website it is used by more than three million WordPress sites, including ones run by Microsoft, Cisco, and NASA. According to Wordfence, the attack begins with the WordPress heartbeat feature…
