WordPress Backup Plugin Vulnerability Affects 3+ Million Sites

Jan 5, 2025 | SEO News Feeds | 0 comments

A high-severity vulnerability in a popular WordPress backup plugin can be exploited by unauthenticated attackers. The vulnerability is rated 8.8 on a scale of 0.0 to 10.

UpdraftPlus: WP Backup & Migration Plugin

The vulnerability affects the popular Updraft Plus WordPress plugin, which is installed on over 3 million websites. Updraft Plus comes in free and paid versions and lets users upload backups to their own cloud storage or email the files. Backups can be run manually or scheduled to run automatically. The plugin offers a great deal of flexibility in what gets backed up, which can make a huge difference when recovering from a catastrophic server issue, and it is also useful for migrating a site to a different server altogether.

Wordfence explains the vulnerability:

“The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the ‘recursive_unserialized_replace’ function. This makes it possible for unauthenticated attackers to inject a PHP Object.

No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.”

The Updraft Plus changelog seems to minimize the vulnerability: it doesn’t call the update a security patch, and instead labels it a “tweak.”

From the official Updraft Plus WordPress plugin changelog:

“TWEAK: Complete the review and removal of calls to the unserialize() PHP function allowing class instantiation begun in 1.24.7. (The final removal involved a theoretical security defect, if your development site allowed an attacker to post content to it which you migrated to another site, and which contained customised code that could perform destructive actions which the attacker knew about, prior to you then cloning the site. The result of this removal is that some search-replaces, highly unlikely to be encountered in practice, will be skipped).”
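The following is an added example, not UpdraftPlus code: it contrasts a default `unserialize()` call, which instantiates classes named in the input, with a search-and-replace that passes `allowed_classes => false` and skips any value carrying a serialized object. `DemoGadget`, the helper function names and the sample strings are hypothetical and constructed for illustration.

```php
<?php
// Hypothetical class standing in for code shipped by another plugin or theme.
// Its destructor only sets a flag so the side effect is observable.
class DemoGadget {
    public static $fired = false;
    public $note = '';
    public function __destruct() { self::$fired = true; }
}

// True if the value holds an object (or incomplete-class placeholder) anywhere.
function contains_object($value): bool {
    if (is_object($value) || $value instanceof __PHP_Incomplete_Class) return true;
    if (!is_array($value)) return false;
    foreach ($value as $v) { if (contains_object($v)) return true; }
    return false;
}

// Recursive string replacement over scalars and nested arrays.
function replace_recursive($value, string $from, string $to) {
    if (is_string($value)) return str_replace($from, $to, $value);
    if (is_array($value)) {
        foreach ($value as $k => $v) $value[$k] = replace_recursive($v, $from, $to);
    }
    return $value;
}

// Hardened search-replace for one stored value: never instantiate classes,
// and return the value unchanged (skip it) if it carries a serialized object.
function safe_search_replace(string $stored, string $from, string $to): string {
    $data = @unserialize($stored, ['allowed_classes' => false]);
    if ($data === false && $stored !== serialize(false)) {
        return str_replace($from, $to, $stored); // not serialized data
    }
    if (contains_object($data)) return $stored;  // skipped, left as stored
    return serialize(replace_recursive($data, $from, $to));
}

// Constructed sample values, as they might sit in a database row.
$benign  = serialize(['home' => 'http://dev.example.test/', 'n' => 3]);
$hostile = 'a:1:{s:1:"x";O:10:"DemoGadget":1:{s:4:"note";s:4:"demo";}}';

// Before: default unserialize() builds a DemoGadget; its destructor runs on cleanup.
$v = unserialize($hostile);
unset($v);
echo 'default call fired destructor: ', var_export(DemoGadget::$fired, true), "\n";

DemoGadget::$fired = false;
echo safe_search_replace($benign, 'dev.example.test', 'www.example.test'), "\n";
$same = safe_search_replace($hostile, 'demo', 'prod') === $hostile;
echo 'object value skipped: ', var_export($same, true), "\n";
echo 'hardened call fired destructor: ', var_export(DemoGadget::$fired, true), "\n";
```

Skipping values that contain objects is one way to read the changelog's remark that some search-replaces will be skipped; the plugin's actual logic is not shown on this page.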

Updraft Plus Vulnerability Patched

Users should consider updating their installations of Updraft Plus to the latest version, 1.24.12. All versions prior to the latest version are vulnerable.

Read the Wordfence advisory:

UpdraftPlus: WP Backup & Migration Plugin <= 1.24.11 – Unauthenticated PHP Object Injection

Featured Image by Shutterstock/Tithi Luadthong