During an internal audit of the UpdraftPlus plugin, we uncovered an arbitrary backup download vulnerability that could allow low-privileged users like subscribers to download a site's latest backups.

If exploited, the vulnerability could grant attackers access to privileged information from the affected site's database (e.g., usernames and hashed passwords).

We reported the vulnerability to the plugin's authors, and they recently released version 1.22.3 to address it. Forced auto-updates have also been pushed due to the severity of this issue. If your site hasn't already been updated, we strongly recommend that you update to the latest version (1.22.3) and have an established security solution on your site, such as Jetpack Security.

You can find UpdraftPlus' own advisory here.

Marc Montpas | February 17, 2022 at 1:00 pm | Tags: Security, Vulnerabilities | Categories: Vulnerabilities | URL: https://wp.me/p1moTy-ALg