Vulnerabilities

CVE-2022-0633

by Fred · 17/02/2022

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup’s nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup.

Date published : 2022-02-17

UpdraftPlus security release – 1.22.3 / 2.22.3 – please upgrade

http://packetstormsecurity.com/files/166059/WordPress-UpdraftPlus-1.22.2-Backup-Disclosure.html

Similar

Tags: Cybersecurity Alert