Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.15 views

CVE-2022-0633

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download the most recent site & database...

6.5CVSS6.6AI score0.0201EPSS
Exploits3References1
0day.today
0day.today
added 2022/02/21 12:0 a.m.403 views

WordPress UpdraftPlus 1.22.2 Backup Disclosure Vulnerability

UpdraftPlus, a WordPress plugin with over 3 million installations, updated with a security fix for a vulnerability discovered by security researcher Marc Montpas. This vulnerability allowed any logged-in user, including subscriber-level users, to download backups made with the plugin. Backups are...

6.5CVSS0.0201EPSS
Exploits3
The Hacker News
The Hacker News
added 2022/02/19 6:25 a.m.35 views

Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites

Patches have been issued to contain a "severe" security vulnerability in UpdraftPlus, a WordPress plugin with over three million installations, that can be weaponized to download the site's private data using an account on the vulnerable sites. "All versions of UpdraftPlus from March 2019 onwards...

6.5CVSS2.8AI score0.0201EPSS
Exploits3
ThreatPost
ThreatPost
added 2022/02/18 2:25 p.m.127 views

Severe WordPress Plug-In UpdraftPlus Bug Threatens Backups

The WordPress plug-in “UpdraftPlus” was patched on Wednesday to correct a vulnerability that left sensitive backups at risk, potentially exposing personal information and authentication data. UpdraftPlus is a tool for creating, restoring and migrating backups for WordPress files, databases,...

6.5CVSS8.7AI score0.0201EPSS
Exploits3References9
Wordfence Blog
Wordfence Blog
added 2022/02/17 6:55 p.m.37 views

Vulnerability in UpdraftPlus Allowed Subscribers to Download Sensitive Backups

Update: a previous version of this article indicated that an attacker would need to begin their attack when a backup was in progress, and would need to guess the appropriate timestamp to download a backup. Since the article was originally published, we have found that it is possible to obtain a...

4CVSS6.2AI score0.0201EPSS
Exploits3
CVE
CVE
added 2022/02/17 6:45 p.m.218 views

CVE-2022-0633

CVE-2022-0633 concerns the UpdraftPlus WordPress plugin. Affected: UpdraftPlus Free < 1.22.3 and Premium

6.5CVSS6.4AI score0.0201EPSS
In wildExploits3References4Affected Software1
Rows per page
Query Builder