News

WordPress Rolls Out Forced Update Against Vulnerability in UpdraftPlus Plugin

By admin
Spread the love

WordPress is forcibly rolling out an update to the popular backup plugin UpdraftPlus. Websites with the plugin were found to contain a vulnerability that allowed unauthorized users to download recent backups.

These are the mandatory UpdraftPlus updates 1.22.3 and 2.22.3 for users of the free and paid versions of the plug-in, respectively. After installation, it is no longer possible for unauthorized users to access backups, plug-in manager Jetpack describes in a blog post.

WordPress rarely forces an update, but due to the severity of the vulnerability, the update was installed to 3 million users within days, according to Bleeping Computer. Nevertheless, according to UpdraftPlus, due to the complicated process of obtaining a backup without authorization, no known hacks have been performed.

The vulnerability in UpdraftPlus allowed users to send a heartbeat request to a website, after which important data about recent backups could be obtained. A link could then be generated based on this data. This link instructed UpdraftPlus to send the affected backup via email to the unauthorized hacker.

You might also like
News

Android 14 beta brings support for a desktop mode

News

Good news for TSMC: its 3nm node will take flight in 2024 thanks to the push of these…

News

The most boring technology of the 21st century: Intel has only grown 5% since 2000

News

Google Password Manager can start sharing passwords with partners or children

News

PlayStation 5 beta update improves audio from DualSense controller

News

Rumor: Android 15 puts apps in ‘edge-to-edge’ mode by default