A popular backup WordPress plugin with more than three million users has recently patched up a vulnerability that allowed threat actors access to passwords, identity information, and other sensitive data.
As reported by WordFence security analysts, researcher Marc Montpas discovered a vulnerability in UpdraftPlus, a backup, restore and clone plugin for WordPress.
UpdraftPlus has a feature that allows users to send a download link to the backup, via email, to an address designated by the site’s owner. However, this feature has been implemented poorly, the researcher has found, and allows pretty much anyone, even subscriber-level users, to create a valid link that would allow them to download backup files.
To exploit the vulnerability, however, the attacker would need to have an active account on the target system, the researchers further explain, concluding that such an attack would need to be targeted. The potential consequences are described as “severe”, which is why the researchers are using all UpdraftPlus users to update their plugins immediately.
The patched up version is 1.22.3.
WordPress plugins often come with critical flaws that could allow attackers full website takeover. Just a few weeks ago, a popular WordPress plugin used by more than a million websites was found to be carrying a critical remote code execution (RCE) flaw
Another vulnerability was also recently discovered in the “WordPress Email Template Designer – WP HTML Mail”, plugin, which allowed for an unauthenticated attacker to inject malicious JavaScript that would run whenever a site admin accesses the template editor, while in late October 2021, researchers discovered a flaw in the Hashthemes Demo Importer plugins that could be exploited to completely wipe and reset any vulnerable WordPress website.
WordPress Email Template Designer – WP HTML Mail is used by 20,000 websites, while Hashthemes Demo Importer plugins count more than 8,000 users.