Download Certificate- Most Promising Partner | ECIO | Most Admired Brand | Most Trusted Company

Over 3 million Installations were impacted by WordPress Backup Plugin Vulnerability


By MYBRANDBOOK


Over 3 million Installations were impacted by WordPress Backup Plugin Vulnerability

A vulnerability was discovered for UpdraftPlus, a WordPress plugin with over 3 million installations. If exploited, the vulnerability could grant attackers access to privileged information from the affected site's database like usernames and hashed passwords.

 

The issue was discovered during an internal audit of the UpdraftPlus plugin. A team of researchers uncovered an arbitrary backup download vulnerability that could allow low-privileged users like subscribers to download a site's latest backups.

 

Two previously unknown vulnerabilities were discovered. The first was related to how UpdraftPlus security tokens called, nonces, could be leaked. This allowed an attacker to obtain the backup, including the nonce.

 

The second vulnerability was tied to an improper validation of a registered user’s role, precisely what WordPress warns that developers should take steps to lock down plugins. The improper user role validation allowed someone with the data from the previous vulnerability to download any of the backups, which of course contains sensitive information.

 

Updraftplus allows WordPress administrators to back up their WordPress installations, including the entire database which contains user credentials, passwords and other sensitive information. Publishers rely on UpdraftPlus to adhere to the highest standards of security in their plugin because of how sensitive the data is that’s backed up with the plugin.

 

The Wordfence Threat Intelligence team said, “The attack starts with the WordPress heartbeat function. The attacker needs to send a specially crafted heartbeat request containing a data[updraftplus] parameter. By supplying the appropriate sub parameters, an attacker is able to obtain a backup log containing a backup nonce and timestamp which they can then use to download a backup.”

 

It further urged all users running the UpdraftPlus plugin to update to the latest version of the plugin, which is version 1.22.3 as of this writing, as soon as possible, since the consequences of a successful exploit would be severe.
 BREAKING NEWS  BREAKING NEWS
Cisco announces AI-native secure Wi-Fi 7 for future-ready employe

Cisco announces AI-native secure Wi-Fi 7 for future-ready employe...

Announcing a major leap in wireless technology, Cisco has launched its Wi...

The BSE benchmark Sensex tumbled over 800 points, leaving investo

The BSE benchmark Sensex tumbled over 800 points, leaving investo...

The BSE benchmark Sensex recently experienced a significant drop, tumblin...

North Korean GPS Interference Disrupts Air Traffic

North Korean GPS Interference Disrupts Air Traffic...

South Korea's military has publicly accused North Korea of disrupting GP...

US ordered TSMC to halt chip shipments to China

US ordered TSMC to halt chip shipments to China...

TSMC has had regular discussions with the government on export control issu...

 TECHNO TRENDS  Placeholder image
Nazara and ONDC set to transform in-game monetization with ‘

Nazara and ONDC set to transform in-game monetization with ‘

Nazara Technologies has teamed up with the Open Network for Digital Comme...

Jio Platforms and NICSI to offer cloud services to government

Jio Platforms and NICSI to offer cloud services to government

In a collaborative initiative, the National Informatics Centre Services In...

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...

Pinterest tracks users without consent, alleges complaint

Pinterest tracks users without consent, alleges complaint

A recent complaint alleges that Pinterest, the popular image-sharing platf...

 E-Magazine 
 TECHNOTAINMENT  Placeholder image
Eloelo teams up with Elvish Yadav for India's biggest digital

Eloelo teams up with Elvish Yadav for India's biggest digital

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix has introduced a new “Moments” feature on its mobile app, whic
Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b
 MOVERS & SHAKERS  Placeholder image
Kamal Nath quits SIFY Technologies

Kamal Nath quits SIFY Technologies

Visa elevates Rishi Chhabra as new Country Manager for India

Visa elevates Rishi Chhabra as new Country Manager for India

Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ
Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys continues to deepen its investment in the APAC region. Earlier this
 OPEN YOUR EYES  Placeholder image

The rising risk of insider threats in the remote workforce
Building of a secure infrastructure is highly essential to stop malicious activity
How Technology companies are bringing innovative solutions during COVID-19
Brands across the board are reinventing strategies to bring back customers
The Security Threat is looming the BFSI Segments
 INTERVIEWS  Placeholder image
Alpha Max offers high end solutions in the network space to en

Alpha Max offers high end solutions in the network space to en

Cisco building a trusted and resilient future for the nation

Cisco building a trusted and resilient future for the nation

Security is foundational to everything Cisco does and customers insist on e
Autodesk continually pushing the boundaries in the Design and

Autodesk continually pushing the boundaries in the Design and

Autodesk’s vision is of a better world designed and made for all. It inte
 HOT PICK  Placeholder image
BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall announced today the launch of the TZ80, a groundbreaking securit
Gigabyte X3D Turbo: A Gaming Revolution

Gigabyte X3D Turbo: A Gaming Revolution

GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr
 MAKE IN INDIA BRANDS   Placeholder image
HIMACHAL FUTURISTIC COMMUNICATIONS LTD.

HIMACHAL FUTURISTIC COMMUNICATIONS LTD.


PDRL - Passenger Drone Research Pvt. Ltd.

PDRL - Passenger Drone Research Pvt. Ltd.


ACER INDIA PVT. LTD.

ACER INDIA PVT. LTD.


BHARAT ELECTRONICS LTD.

BHARAT ELECTRONICS LTD.


 EMINENT CIO'S OF INDIA  EMINENT CIO'S OF INDIA

PRIORITIZING APPROPRIATE DATA MANAGEMENT AND ETHICAL AI IS THE NEED OF THE HOUR

For us, cultivating customer trust amidst for that...

AI SYSTEMS ARE ENABLING A SEISMIC SHIFT IN THE WORLD OF CYBERSECURITY

AI’s analytical prowess enables it to analyze an...

AI TO IMPROVE INSIGHTS THROUGH AUGMENTED ANALYTICS, WHILE EDGE COMPUTING TO ALLOW REAL-TIME PROCESSING

For the fiscal year 2024-25, our organization has ...

 ICONS OF INDIA  Placeholder image

Icons Of India : Deepak Sharma

Deepak Sharma spearheads Schneider Electric India. He brings with him ...

ICONS OF INDIA : SANDIP PATEL

Sandip Patel is the Managing Director for IBM India & South Asia regio...

Icons Of India : AMIT CHADHA

Amit Chadha serves as the CEO and Managing Director of L&T Technology ...

 PARTNER SPEAKERS  EMINENT CIO'S OF INDIA

Empowering clients with innovative solutions to thrive in evolving digital landscape

Hitachi Systems India employs a multifaceted approach to assess brand awarenes...

Gauging Brand Awareness with Data-Driven insights

Arrow PC Network utilizes data-driven insights extensively to gauge brand awar...

"WE BELIEVE IN FOSTERING COLLECTIVE GROWTH"

These insights inform strategic adjustments, improvements and ensuring communi...

 PSU  Placeholder image

NIC - National Informatics Centre  

NIC serves as the primary IT solutions provider for the government of ...

IOCL - Indian Oil Corporation Ltd.  

IOCL is India’s largest oil refining and marketing company ...

EESL - Energy Efficiency Services Limited  

EESL is uniquely positioned in India’s energy sector to address ener...

 VIDEOS  Placeholder image

 Top 25 Brands  Solution partners

Most Trusted Brands 2024 : Salesforce Inc.  

Salesforce prioritizes customer success and satisfaction, focusing on building...

Most Trusted Brands 2024: BHARTI AIRTEL LTD.

Airtel is a global communications solutions provider serving over 500 million ...

RELIANCE JIO INFOCOMM LTD.

Reliance Jio commonly known as Jio, has been a significant disruptor in the te...

 Global Indian industry   Value-Added Distribution

Indian Tech Talent Excelling The Tech World - NIKESH ARORA, Chairman CEO - Palo Alto Networks

Nikesh Arora, the Chairman and CEO of Palo Alto Networks, is steering ...

Indian Tech Talent Excelling The Tech World - Vinod Dham, Founder & Executive Managing Partner, IndoUS Venture Partners

Vinod Dham, known as the “Father of the Pentium Chip,” has left an...

Indian Tech Talent Excelling The Tech World - Sanjay Mehrotra, CEO- Micron Technology

Sanjay Mehrotra, the President and CEO of Micron Technology, is at the...

 STARNITE AWARDS 2024  
 ITFORUM 2024  
   
 CMO of the Year   Placeholder image
 WOMEN LEADERSHIP  Placeholder image
 IMAGE GALLERY   Placeholder image
 TRENDS IN TECHNOLOGY  Placeholder image
MORE VIDEOS  Placeholder image
Brand Book
Brand Book
Brand Book
Brand Book
 ADVERTISEMENTS  Placeholder image
Brandbook Brandbook
 TECHNOLOGY DISRUPTION Placeholder image

Indian semiconductor Industry to reach $55 bn by 2026

Indian semiconductor Industry to reach $55 bn by 2026

Attackers have started using much more advanced modes of cyberattacks

Attackers have started using much more advanced modes of cyberattacks

Synechron and Unqork Partner to Accelerate Digital Initiatives

Synechron and Unqork Partner to Accelerate Digital Initiatives

Where are we after one year since lockdown

Where are we after one year since lockdown

 UNICORNS REVOLUTIONISING Placeholder image

NTEX Transportation Services Pvt. Ltd.

NTEX Transportation Services Pvt. Ltd.

The Good Glamm Group

The Good Glamm Group

Mindtickle Inc.

Mindtickle Inc.

KRUTRIM 

KRUTRIM 


Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org
ADMIRED BRANDS

AFTER MARKET SERVICES

CATEGORIES

DISTRIBUTORS & VADs
GOVERNMENT BODIES

INDUSTRY BODIES

MAKE IN INDIA

CONTACT US

SUBSCRIBE NOW