UpdraftPlus WordPress Backup Plugin < 1.22.3 - Sensitive Information Disclosure

6.5
Missing Authorization
CVE CVE-2022-0633
CVSS 6.5 (Medium)
Publicly Published February 17, 2022
Last Updated January 22, 2024
Researcher Marc-Alexandre Montpas

Description

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup. The UpdraftPlus WordPress Backup Plugin plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when performing a heartbeat function in versions up to 1.22.3. This makes it possible for authenticated attackers with minimal permissions such as a subscriber to retrieve the path to arbitrary back-up files which can subsequently be downloaded and used to gain sensitive information about the system. This also affects premium versions before before 2.22.3.

Wordfence blocked 556 attacks targeting this vulnerability in the past 24 hours.

References

Share

2 affected software packages

Software Type Plugin
Software Slug updraftplus-pro
Patched? Yes
Remediation Update to version 2.22.3, or a newer patched version
Affected Version
  • < 2.22.3
Patched Version
  • 2.22.3
Software Type Plugin
Software Slug updraftplus (view on wordpress.org)
Patched? Yes
Remediation Update to version 1.22.3, or a newer patched version
Affected Version
  • 1.16.7 - 1.22.3
Patched Version
  • 1.22.3

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation