Security researchers at Automattic and Wordfence have detailed a fairly critical security bug in UpdraftPlus, a popular WordPress plugin.

Researchers noted that this bug can let a semi-privileged user download siteโ€™s backups, and steal the sensitive data available in it. UpdraftPlus makers have released a patch and urged site admins to apply it.

Vulnerability in UpdraftPlus Plugin

UpdraftPlus, a WordPress plugin thatโ€™s used for creating, restoring, and migrating backups have now turned into a threat for millions of sites relying on it. This is due to a security vulnerability found in it, which can let a qualified attacker cause serious harm to the siteโ€™s data.

As written by researchers at Automattic (WordPress.com parent company) and Wordfence (a security company), the bug in UpdraftPlus will let a limited attacker (someone with basic user access to the target site) download the backup files. This is something thatโ€™s limited to only admin-level users of the site.

This was later confirmed by the UpdraftPlus team too in a security bulletin. On its website, UpdraftPlus claims to have over three million WordPress websites running its plugin, including Microsoft, Cisco, and NASA! And with the severity score it received (8.5/10), tracked as CVE-2022-0633 is considered a fairly serious threat.

The actual problem was said to be in the validation mechanism of the UpdraftPlus system, where it fails to recognize whoโ€™s requesting backups. And itโ€™s named as the WordPress heartbeat function, by Wordfence researchers.

All an attacker has to do is to โ€œsend a specially crafted heartbeat request containing a data[updraftplus] parameterโ€. This will enable the attacker to obtain a backup log, containing all the senstive data stored by the site. This can primarily be used for identity theft, in case having PII, or other malicious attacks.

UpdraftPlus team has released a patch for this on Wednesday, as versions 1.22.3 (free) and 2.22.3 (paid) plug-ins, and urges the site admins to update as soon as possible.

LEAVE A REPLY

Please enter your comment!
Please enter your name here