Important vulnerability in a popular WordPress backup plugin can be exploited without authentication


A high-severity vulnerability has recently been found in the popular WordPress backup plugin UpdraftPlus. The plugin is used on more than 3 million websites, and the vulnerability can be exploited without authentication. This means that attackers can exploit it even if they do not have a login and password for the site.
“The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization in the 'recursive_unserialized_replace' function.”
It is important to understand that this vulnerability has a high severity rating, estimated at 8.8 out of 10. This means that the potential impact on the security of the site can be very large. 🚀
- 📌 The vulnerability in UpdraftPlus can be exploited without authentication
- 📌 All versions of UpdraftPlus up to 1.24.12 inclusive are vulnerable
- 📌 UpdraftPlus is used on over 3 million websites
Is it safe to use UpdraftPlus now?
Yes, if you use the latest version of the plugin, 1.24.12. All previous versions contain this vulnerability.
How can I protect my site?
You need to update the UpdraftPlus plugin to the latest version. Also, regularly update WordPress and all plugins to avoid such problems.
Can this vulnerability be exploited by anyone?
Yes, this vulnerability can be exploited without authentication; that is, the attacker does not need a login and password for your site.
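One way to check installations against the versions named above, as an added example (not code from the article or from the plugin): it scans a WordPress root for plugin headers naming UpdraftPlus and flags any version below 1.24.12. The function names and the sample plugin tree are constructed for illustration, and the check assumes the version numbering given in the article.

```python
import re
import tempfile
from pathlib import Path

FIXED = (1, 24, 12)  # first fixed release named in the article

def parse_version(text):
    """Turn '1.24.11' into (1, 24, 11) so that 1.24.9 sorts below 1.24.11."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def read_plugin_header(php_file):
    """Return (name, version) from a WordPress plugin header comment, or None."""
    head = php_file.read_text(errors="replace")[:8192]  # headers sit at the top of the file
    name = re.search(r"^[ \t/*#@]*Plugin Name:\s*(.+)$", head, re.M | re.I)
    ver = re.search(r"^[ \t/*#@]*Version:\s*([\d.]+)", head, re.M | re.I)
    return (name.group(1).strip(), ver.group(1)) if name and ver else None

def audit(wp_root):
    """List (file, version, status) for every UpdraftPlus copy under wp_root."""
    findings = []
    for php in sorted(Path(wp_root).glob("wp-content/plugins/*/*.php")):
        header = read_plugin_header(php)
        if header and "updraftplus" in header[0].lower():
            status = "VULNERABLE" if parse_version(header[1]) < FIXED else "ok"
            findings.append((str(php), header[1], status))
    return findings

def make_sample_site(root, version):
    """Build a constructed plugin tree for the demo (not real plugin code)."""
    plugin_dir = Path(root) / "wp-content" / "plugins" / "updraftplus"
    plugin_dir.mkdir(parents=True)
    (plugin_dir / "updraftplus.php").write_text(
        "<?php\n/*\nPlugin Name: UpdraftPlus - Backup/Restore\n"
        f"Version: {version}\n*/\n"
    )
    return root

if __name__ == "__main__":
    # Constructed versions: two below the fix, one at the fixed release.
    for v in ("1.24.9", "1.24.11", "1.24.12"):
        with tempfile.TemporaryDirectory() as tmp:
            for path, ver, status in audit(make_sample_site(tmp, v)):
                print(f"{ver:8} {status}")
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 1.24.9 above 1.24.12 and report it as patched.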
This article was generated using AI based on the source material cited, then edited and manually checked by the author for accuracy and usefulness.
https://www.searchenginejournal.com/wordpress-backup-plugin-vulnerability-affects-3-million-sites/536693/