2 matches found
WordPress UpdraftPlus 1.22.2 Backup Disclosure Vulnerability
UpdraftPlus, a WordPress plugin with over 3 million installations, updated with a security fix for a vulnerability discovered by security researcher Marc Montpas. This vulnerability allowed any logged-in user, including subscriber-level users, to download backups made with the plugin. Backups are...
Vulnerability in UpdraftPlus Allowed Subscribers to Download Sensitive Backups
Update: a previous version of this article indicated that an attacker would need to begin their attack when a backup was in progress, and would need to guess the appropriate timestamp to download a backup. Since the article was originally published, we have found that it is possible to obtain a...