Critical WP UpdraftPlus Security Release

  • Critical WP UpdraftPlus Security Release

    Your WP should have already applied this update automatically but please make sure that your UpdraftPlus plugin has been updated to at least 1.22.3 (free version) / 2.22.3 (paid versions).

    This defect allows any logged-in user on a WordPress installation with UpdraftPlus active to exercise the privilege of downloading an existing backup, a privilege which should have been restricted to administrative users only...

    This means that if your WordPress site allows untrusted users to have a WordPress login, and if you have any existing backup, then you are potentially vulnerable to a technically skilled user working out how to download the existing backup. Affected sites are at risk of data loss / data theft via the attacker accessing a copy of your site’s backup, if your site contains anything non-public.
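One way to check the version requirement from the post above, as an added example that is not part of the original post or of UpdraftPlus itself. It assumes free releases are numbered 1.x and paid releases 2.x, as the post's two thresholds suggest, and that WP-CLI is installed for the optional `check_site` helper (a hypothetical name).

```shell
#!/bin/sh
# Added example: is an UpdraftPlus version at or above the fixed releases
# named in the post (1.22.3 free / 2.22.3 paid)?

# ver_ge A B: succeed if dotted version A >= B, comparing fields numerically
# so that 1.22.10 > 1.22.3 and 1.9.10 < 1.22.3 (a string compare gets both wrong).
ver_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}          # missing fields count as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0                          # all fields equal
}

# updraft_patched VERSION
#   returns 0 = patched, 1 = below the fixed release, 2 = cannot tell
updraft_patched() {
    v=$1
    case $v in
        ''|*[!0-9.]*) return 2 ;;     # not a plain dotted version
    esac
    case $v in
        1.*) ver_ge "$v" 1.22.3 ;;    # assumption: 1.x is the free branch
        2.*) ver_ge "$v" 2.22.3 ;;    # assumption: 2.x is the paid branch
        *)   return 2 ;;
    esac
}

# check_site WP_PATH: read the installed version with WP-CLI and classify it.
check_site() {
    v=$(wp plugin get updraftplus --field=version --path="$1") || return 2
    updraft_patched "$v"
}
```

Run `check_site /path/to/wordpress` for each installation you manage; an exit status of 1 means the plugin is still below the fixed release and 2 means the version could not be determined.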