Vulnerability found in WordPress plugin with over 3 million installations

UpdraftPlus, a WordPress plugin with over 3 million installations, had a vulnerability that allows any logged-in user, including subscriber-level users, to download backups made with the plugin.

The flaw was discovered by security researcher Marc Montpas. The Wordfence Threat Intelligence team examined the patch and created a proof of concept.

Wordfence described the vulnerability in a blog post. Its initial assessment was that an attacker would have to start the attack while a backup was in progress and correctly guess the backup's timestamp in order to download it. The post was later updated: it is possible to obtain a full log containing a backup nonce and timestamp at any time, which makes the vulnerability significantly more exploitable.

UpdraftPlus patched the vulnerability on Thursday in version 1.22.3 and urged users to check that their sites are running the latest version.

UpdraftPlus is a popular backup plugin for WordPress that, among other things, lets site owners download their backups. One feature sends backup download links to an email address of the site owner's choice. This functionality was insecurely implemented: low-privilege authenticated users such as subscribers could craft a valid link and download backup files.
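The security-relevant mistake described above is a download endpoint whose only gate is "the caller is logged in and knows the backup's identifiers", with no check of what the caller is allowed to do. The following is an added illustration written for this page, not UpdraftPlus code and not the actual patch: a made-up WordPress download handler in a vulnerable form and a hardened form. The `example_` function names, the `admin_post_example_download_backup` action, the backup directory and the archive naming scheme are all assumptions; the "nonce" parameter here is the backup identifier the page refers to, not a WordPress CSRF nonce.

```php
<?php
/**
 * Plugin Name: Example Backup Download (illustrative only, not UpdraftPlus)
 *
 * Added example for this article. Two versions of a backup download handler:
 * the vulnerable one accepts any logged-in user who knows the backup's nonce
 * and timestamp; the hardened one also requires an administrator capability,
 * so knowing the identifiers is no longer sufficient.
 * All names, paths and the filename scheme below are assumptions.
 */

// Directory holding backup archives (assumed location).
function example_backup_dir() {
    return trailingslashit( wp_upload_dir()['basedir'] ) . 'example-backups/';
}

// Build the expected archive name from the two identifiers. The character
// whitelist stops the identifiers from being used for path traversal.
function example_backup_filename( $nonce, $timestamp ) {
    $nonce     = preg_replace( '/[^a-f0-9]/', '', (string) $nonce );
    $timestamp = preg_replace( '/[^0-9]/', '', (string) $timestamp );
    if ( '' === $nonce || '' === $timestamp ) {
        return false;
    }
    return sprintf( 'backup_%s_%s_db.gz', $timestamp, $nonce );
}

// Stream the archive to the client and stop request processing.
function example_send_backup_file( $filename ) {
    $path = example_backup_dir() . $filename;
    if ( ! is_file( $path ) ) {
        wp_die( 'No such backup.', 404 );
    }
    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . $filename . '"' );
    header( 'Content-Length: ' . filesize( $path ) );
    readfile( $path );
    exit;
}

// VULNERABLE: authentication is checked, authorization is not. Any subscriber
// who has obtained the nonce and timestamp (for instance from an exposed log)
// receives the archive.
function example_download_backup_vulnerable() {
    if ( ! is_user_logged_in() ) {
        wp_die( 'Login required.', 403 );
    }
    $filename = example_backup_filename( $_GET['nonce'] ?? '', $_GET['timestamp'] ?? '' );
    if ( ! $filename ) {
        wp_die( 'Bad request.', 400 );
    }
    example_send_backup_file( $filename );
}

// HARDENED: authorization is a capability check on the current user, and the
// link additionally carries a user-bound WordPress nonce so it cannot be
// replayed as a CSRF against an administrator.
function example_download_backup_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to download backups.', 403 );
    }
    check_admin_referer( 'example_download_backup' ); // verifies $_GET['_wpnonce']
    $filename = example_backup_filename( $_GET['nonce'] ?? '', $_GET['timestamp'] ?? '' );
    if ( ! $filename ) {
        wp_die( 'Bad request.', 400 );
    }
    example_send_backup_file( $filename );
}

// admin-post.php routes ?action=example_download_backup here for logged-in users.
add_action( 'admin_post_example_download_backup', 'example_download_backup_hardened' );

// Building the link for the admin UI or an emailed notification. Because the
// handler checks capability on every request, a link leaked from an inbox is
// useless to anyone who is not an administrator of the site.
function example_backup_download_url( $nonce, $timestamp ) {
    $url = add_query_arg(
        array( 'action' => 'example_download_backup', 'nonce' => $nonce, 'timestamp' => $timestamp ),
        admin_url( 'admin-post.php' )
    );
    return wp_nonce_url( $url, 'example_download_backup' );
}
```

The point to take from the two handlers is that the identifiers embedded in a backup link (timestamp, backup nonce) are locators, not secrets: once they can be read from a log or guessed, only a capability check on the requesting user stands between a subscriber and the archive. When reviewing a plugin that exposes file downloads, look for the `current_user_can()` (or equivalent) call on the download path itself, not only on the admin page that generates the link.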

To exploit the vulnerability, an attacker needs an account on the target site, so anonymous visitors cannot use it; sites that allow open registration, or where the attacker already holds a low-privilege account, are the most exposed. The consequences of a successful attack are likely to be severe: backups can contain password hashes and PII, and if the attacker obtains database credentials from a configuration file included in the backup and can reach the site's database, a full site takeover is possible.

The researchers urge everyone running the UpdraftPlus plugin to update to the latest version, 1.22.3 or later, as soon as possible.

The post Vulnerability found in WordPress plugin with over 3 million installations first appeared on Cybersafe News.
