A serious vulnerability has been found in WordPress plugin with over 3 million installations that may have allowed logged-in users, including subscriber-level users, to download backups made with the plugin.
Backups are a treasure trove of sensitive information.
UpdraftPlus, a WordPress plugin with over 3 million installations, was updated with a security fix on Thursday for a vulnerability discovered by security researcher Marc Montpas.
“UpdraftPlus is a popular back-up plugin for WordPress sites and as such it is expected that the plugin would allow you to download your backups,” said the Wordfence Threat Intelligence team.
Elegant Themes - The most popular WordPress theme in the world and the ultimate WordPress Page Builder. Get a 30-day money-back guarantee. Get it for Free
One of the features that the plugin implemented was the ability to send backup download links to an email of the site owner’s choice.
“Unfortunately, this functionality was insecurely implemented making it possible for low-level authenticated users like subscribers to craft a valid link that would allow them to download backup files,” Wordfence explained in a blog post.
Successfully exploiting this vulnerability would take an attacker with an active account on the target system.
“We urge all users running the UpdraftPlus plugin to update to the latest version of the plugin as soon as possible, if you have not already done so, since the consequences of a successful exploit would be severe,” Wordfence said.
“This vulnerability was patched in version 1.22.3 of UpdraftPlus, and as such we strongly encourage you to verify that your site is running the most up to date version of the plugin and updating immediately if it is not”.