This article has been indexed from The Hacker News
Patches have been issued to contain a “severe” security vulnerability in UpdraftPlus, a WordPress plugin with over three million installations, that can be weaponized to download the site’s private data using an account on the vulnerable sites.
“All versions of UpdraftPlus from March 2019 onwards have contained a vulnerability caused by a missing permissions-level check, allowing untrusted users
Read the original article: Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites