Researchers from the Wordfence Threat Intelligence team identified a new vulnerability in the UpdraftPlus plugin for WordPress websites. The plugin has over three million downloads. The vulnerability could allow a user of the website, even at the lowest subscriber level, to download backups made with the plugin. Backup data typically contains a trove of information, including some that can be sensitive. The main purpose of the plugin is to let administrators back up data on their websites, so it came as no surprise to researchers when they identified that the issue allowed anyone to access the data. A patch has been released for this plugin, and the most current version is 1.22.3.