WordPress UpdraftPlus update immediately

Millions of WordPress sites had to be updated and the reason was a vulnerability in UpdraftPlus, a popular plugin that allows users to create and restore backups.

The developers of UpdraftPlus requested the mandatory update, as the vulnerability allowed anyone with an account to download the entire database of a site.


The bug was discovered by Jetpack security researcher Marc Montpas during a security check of the add-on.

"This mistake is very easy to exploit, with very bad results. It enables low-end users to download backups of a site, which include raw backups of the database.

He told UpdraftPlus developers the bug on Tuesday last week, they corrected it a day later and immediately began the forced installation of the update.

1,7 million sites have been updated since Thursday, out of a total of 3 million users using the plugin.

  Wordpress: Bulk URL change from SQL

The main drawback was that UpdraftPlus did not properly implement WordPress 'hearbeat' function and could not check if users had administrator privileges. Another issue was a variable used to validate administrators to distinguish them from untrusted users. For those who are interested, Jetpack published more details for the hack.

Registration in iGuRu.gr via email

Your email for sending each new post

Follow us on Google News iGuRu.gr at Google news

Leave a reply

Your email address Will not be published.

67 +    = 69

Previous Story

Windows Key Viewer find the Windows key

Next Story

Are Windows 12 already being developed by Microsoft?