MY BRAND BOOK Over 3 million Installations were impacted by WordPress Backup Plugin Vulnerability

Over 3 million Installations were impacted by WordPress Backup Plugin Vulnerability

By MYBRANDBOOK

A vulnerability was discovered for UpdraftPlus, a WordPress plugin with over 3 million installations. If exploited, the vulnerability could grant attackers access to privileged information from the affected site's database like usernames and hashed passwords.

The issue was discovered during an internal audit of the UpdraftPlus plugin. A team of researchers uncovered an arbitrary backup download vulnerability that could allow low-privileged users like subscribers to download a site's latest backups.

Two previously unknown vulnerabilities were discovered. The first was related to how UpdraftPlus security tokens called, nonces, could be leaked. This allowed an attacker to obtain the backup, including the nonce.

The second vulnerability was tied to an improper validation of a registered user’s role, precisely what WordPress warns that developers should take steps to lock down plugins. The improper user role validation allowed someone with the data from the previous vulnerability to download any of the backups, which of course contains sensitive information.

Updraftplus allows WordPress administrators to back up their WordPress installations, including the entire database which contains user credentials, passwords and other sensitive information. Publishers rely on UpdraftPlus to adhere to the highest standards of security in their plugin because of how sensitive the data is that’s backed up with the plugin.

The Wordfence Threat Intelligence team said, “The attack starts with the WordPress heartbeat function. The attacker needs to send a specially crafted heartbeat request containing a data[updraftplus] parameter. By supplying the appropriate sub parameters, an attacker is able to obtain a backup log containing a backup nonce and timestamp which they can then use to download a backup.”

It further urged all users running the UpdraftPlus plugin to update to the latest version of the plugin, which is version 1.22.3 as of this writing, as soon as possible, since the consequences of a successful exploit would be severe.

BREAKING NEWS

Cisco announces AI-native secure Wi-Fi 7 for future-ready employe...

Announcing a major leap in wireless technology, Cisco has launched its Wi...

The BSE benchmark Sensex tumbled over 800 points, leaving investo...

The BSE benchmark Sensex recently experienced a significant drop, tumblin...

North Korean GPS Interference Disrupts Air Traffic...

South Korea's military has publicly accused North Korea of disrupting GP...

US ordered TSMC to halt chip shipments to China...

TSMC has had regular discussions with the government on export control issu...

TECHNO TRENDS

Nazara and ONDC set to transform in-game monetization with ‘

Nazara Technologies has teamed up with the Open Network for Digital Comme...

Jio Platforms and NICSI to offer cloud services to government

In a collaborative initiative, the National Informatics Centre Services In...

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...

Pinterest tracks users without consent, alleges complaint

A recent complaint alleges that Pinterest, the popular image-sharing platf...

E-Magazine

TECHNOTAINMENT

Eloelo teams up with Elvish Yadav for India's biggest digital

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix has introduced a new “Moments” feature on its mobile app, whic

Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b

MOVERS & SHAKERS

Kamal Nath quits SIFY Technologies

Visa elevates Rishi Chhabra as new Country Manager for India

Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ

Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys continues to deepen its investment in the APAC region. Earlier this

OPEN YOUR EYES

Modernize the IT Strategy To Navigate COVID-19 and Beyond

A question arises on how would be the future of the workplace?

Contact-less Technology to Bring Revolution In This Pandemic Era

Technology empowering people stay connected in un-touch world

The dangers of phishing are becoming Top Concern for the CEOs

INTERVIEWS

Bolstering its commitment to help build a truly self-reliant B

Acer addresses evolving customer needs by consistently pushing

Acer offers a comprehensive range of products under one roof, including des

Delivering Critical Business Communication Solutions to Enterp

Arya Omnitalk and Syntel’s comprehensive suite of solutions and more than

HOT PICK

BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall announced today the launch of the TZ80, a groundbreaking securit

Gigabyte X3D Turbo: A Gaming Revolution

GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr

MAKE IN INDIA BRANDS

LAVA INTERNATIONAL LTD.

CENTRE FOR DEVELOPMENT OF TELEMATICS (C-DOT)

BPE INDIA PVT. LTD.

TALLY SOLUTIONS PVT. LTD.

EMINENT CIO'S OF INDIA

HARNESSING THE POWER OF BIG DATA TO GAIN VALUABLE INSIGHTS

A Technology certainly drives innovation and busin...

SUSTAINING SUCCESS BY DELIVERING VALUE TO CUSTOMERS

This includes conducting regular audits, risk asse...

AGILE TECHNIQUE ENCOURAGES TEAMWORK, ADAPTABILITY, AND CONTINUOUS ITERATION

Several emerging technology trends are significant...

ICONS OF INDIA

ICONS OF INDIA : SRIDHAR VEMBU

Sridhar Vembu is the chief executive officer (CEO) of Zoho Corporation...

Icons Of India : GAUTAM ADANI CHAIRMAN ADANI GROUP

Gautam Adani is the Founder and Chairman of the Adani Group, which ran...

Icons Of India : Dr. Arvind Gupta

Arvind Gupta is the Head and Co-Founder of the Digital India Foundatio...

PARTNER SPEAKERS

Enhanced Skills & Expertise helping to better serve customers and stay ahead of the curve

Feedback Forms: Conducting surveys and collecting feedback from customers is a...

Competitively Viable By Ensuring Brand Loyalty & Uniformity

D M Systems always collaborates with top brands and wants to continue the same...

A Trusted IT Partner Renowned For Reliability, Expertise, and Customer-Centricity

Fast paced changes in digital technology and constant innovations are impactin...

PSU

LIC - Life Insurance Corporation of India

LIC is the largest state-owned life insurance company in India...

STPI - Software Technology Parks of India

STPI promotes and facilitates the growth of the IT and ITES industry i...

IOCL - Indian Oil Corporation Ltd.

IOCL is India’s largest oil refining and marketing company ...

VIDEOS

Top 25 Brands

Most Trusted Brands 2024 : Redington Ltd.

Redington positions itself as a bridge between global technology brands and re...

Most Trusted Brands 2024 : Samsung Electronics Co. Ltd.

Samsung invests heavily in marketing campaigns to promote...

Most Trusted Brands 2024: MICROSOFT CORPORATION

Microsoft Corporation has been at the forefront of technological innovation fo...

Global Indian industry

Indian Tech Talent Excelling The Tech World - REVATHI ADVAITHI, CEO- Flex

Revathi Advaithi, the CEO of Flex, is a dynamic leader driving growth ...

Indian Tech Talent Excelling The Tech World - Anirudh Devgan , President, Cadence Design

Anirudh Devgan, the Global President and CEO of Cadence Design Systems...

Indian Tech Talent Excelling The Tech World - Dheeraj Pandey, CEO, DevRev

Dheeraj Pandey, Co-founder and CEO at DevRev , has a remarkable journe...

STARNITE AWARDS 2024

ITFORUM 2024

CMO of the Year

WOMEN LEADERSHIP

IMAGE GALLERY

TRENDS IN TECHNOLOGY