CVE-2026-10795 UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlusRemoteCommunicationsV2::wploaded function. This is due to insufficient validation of the remote communications message format,...

WordPress UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc vulnerability

Unauthenticated Authentication Bypass via UpdraftCentral udrpc vulnerability discovered by vtim in WordPress Plugin UpdraftPlus versions = 1.26.4...

Critical Unauthenticated Authentication Bypass Vulnerability Patched in UpdraftPlus WordPress Plugin

On June 2nd, 2026, we received a submission for a critical Unauthenticated Authentication Bypass vulnerability in UpdraftPlus, a WordPress plugin with more than 3 million active installations. Although the plugin has such a large install base, the vulnerability is only exploitable on sites that...

PT-2026-48532

Name of the Vulnerable Software and Affected Versions UpdraftPlus versions prior to 1.26.5 UpdraftCentral versions prior to 0.8.32 Description An unauthenticated authentication bypass allows remote code execution on sites connected to UpdraftCentral, a remote management dashboard. The issue occur...