Download Certificate- Most Promising Partner | ECIO | Most Admired Brand | Most Trusted Company

Over 3 million Installations were impacted by WordPress Backup Plugin Vulnerability


By MYBRANDBOOK


Over 3 million Installations were impacted by WordPress Backup Plugin Vulnerability

A vulnerability was discovered for UpdraftPlus, a WordPress plugin with over 3 million installations. If exploited, the vulnerability could grant attackers access to privileged information from the affected site's database like usernames and hashed passwords.

 

The issue was discovered during an internal audit of the UpdraftPlus plugin. A team of researchers uncovered an arbitrary backup download vulnerability that could allow low-privileged users like subscribers to download a site's latest backups.

 

Two previously unknown vulnerabilities were discovered. The first was related to how UpdraftPlus security tokens called, nonces, could be leaked. This allowed an attacker to obtain the backup, including the nonce.

 

The second vulnerability was tied to an improper validation of a registered user’s role, precisely what WordPress warns that developers should take steps to lock down plugins. The improper user role validation allowed someone with the data from the previous vulnerability to download any of the backups, which of course contains sensitive information.

 

Updraftplus allows WordPress administrators to back up their WordPress installations, including the entire database which contains user credentials, passwords and other sensitive information. Publishers rely on UpdraftPlus to adhere to the highest standards of security in their plugin because of how sensitive the data is that’s backed up with the plugin.

 

The Wordfence Threat Intelligence team said, “The attack starts with the WordPress heartbeat function. The attacker needs to send a specially crafted heartbeat request containing a data[updraftplus] parameter. By supplying the appropriate sub parameters, an attacker is able to obtain a backup log containing a backup nonce and timestamp which they can then use to download a backup.”

 

It further urged all users running the UpdraftPlus plugin to update to the latest version of the plugin, which is version 1.22.3 as of this writing, as soon as possible, since the consequences of a successful exploit would be severe.
 BREAKING NEWS  BREAKING NEWS
Elon Musk Merges X with xAI in $33 Billion Stock Deal

Elon Musk Merges X with xAI in $33 Billion Stock Deal...

Elon Musk has made waves once again by merging X (formerly Twitter) with...

India Strengthens Electronics Supply Chain with ₹22,919 Cr Manu

India Strengthens Electronics Supply Chain with ₹22,919 Cr Manu...

The scheme aims to attract an investment of INR 59,350 Cr, resulting in pro...

Govt Drops Import Duty making EV Batteries cheaper

Govt Drops Import Duty making EV Batteries cheaper...

The Centre is taking measures to counter the impact of US President Donald ...

CERT-In’s New Advisory Unveils Hidden Cyber Threats

CERT-In’s New Advisory Unveils Hidden Cyber Threats...

The advisory highlights critical vulnerabilities in AI models, outlines mul...

 TECHNO TRENDS  Placeholder image
Legal Battle Over IT Act Intensifies Amid Musk’s India Plans

Legal Battle Over IT Act Intensifies Amid Musk’s India Plans

The outcome of the legal dispute between X Corp and the Indian government c...

Wipro inks 10-year deal with Phoenix Group's ReAssure UK worth

Wipro inks 10-year deal with Phoenix Group's ReAssure UK worth

The agreement, executed through Wipro and its 100% subsidiary,...

Centre announces that DPDP Rules nearing Finalisation by April

Centre announces that DPDP Rules nearing Finalisation by April

The government seeks to refine the rules for robust data protection, ensuri...

Home Ministry cracks down on PoS agents in digital arrest scam

Home Ministry cracks down on PoS agents in digital arrest scam

Digital arrest scams are a growing cybercrime where victims are coerced or ...

 E-Magazine 
 TECHNOTAINMENT  Placeholder image
For 2nd Time, Kaspersky announced Mumbai Indians’ Official C

For 2nd Time, Kaspersky announced Mumbai Indians’ Official C

Hrithik Roshan to endorse RuPay as Brand Ambassador

Hrithik Roshan to endorse RuPay as Brand Ambassador

RuPay is reportedly planning to feature Bollywood superstar Hrithik Rosha
India Today Group launches – AI Pop Stars

India Today Group launches – AI Pop Stars

Staying true to our industry leadership position in using cutting-edge tech
 MOVERS & SHAKERS  Placeholder image
Cloudflare Promotes Goran Risticevic as VP & MD for APAC

Cloudflare Promotes Goran Risticevic as VP & MD for APAC

TelioLabs ropes in Phaniraj V A as the Group CEO

TelioLabs ropes in Phaniraj V A as the Group CEO

TelioLabs has announced the onboarding of Phaniraj V A as its new Group CE
Wipro Appoints Amit Kumar as Managing Partner and Global Head

Wipro Appoints Amit Kumar as Managing Partner and Global Head

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading technology s
 OPEN YOUR EYES  Placeholder image

Payment industry is eyeing Asia as attractive for V.C. investors amid COVID-19
How Work From Home Brings Various Security Challenges
Business continuity is the most valuable asset for financial institutions
Technology empowering people stay connected in un-touch world
The disruption in the technology demands to ensure business continuity
 INTERVIEWS  Placeholder image
Alcatel-Lucent Enterprise Carrying a 100 year legacy ahead

Alcatel-Lucent Enterprise Carrying a 100 year legacy ahead

Bolstering its commitment to help build a truly self-reliant B

Bolstering its commitment to help build a truly self-reliant B

CP PLUS is dedicated to spreading a sense of security to every corner of In
In India, 88% of Indian business leaders are planning to inves

In India, 88% of Indian business leaders are planning to inves

As we move through 2024, it has become increasingly clear that AI is not ju
 HOT PICK  Placeholder image
ASUS ExpertCenter P500 Mini Tower Desktop PC's launched in Ind

ASUS ExpertCenter P500 Mini Tower Desktop PC's launched in Ind

MSI Announces the availability of RTX 50 series of laptops in

MSI Announces the availability of RTX 50 series of laptops in

MSI, the innovative computing manufacturer in gaming, creator
Nothing Phone (3a) goes on sale today, starting at Rs 19,999

Nothing Phone (3a) goes on sale today, starting at Rs 19,999

The phone was launched on March 4, featuring a 50MP main, ultra-wide, and t
 MAKE IN INDIA BRANDS   Placeholder image
BPE INDIA PVT. LTD.

BPE INDIA PVT. LTD.


PRAMA HIKVISION INDIA PRIVATE LIMITED

PRAMA HIKVISION INDIA PRIVATE LIMITED


HP INDIA SALES PVT. LTD.

HP INDIA SALES PVT. LTD.


EXIDE INDUSTRIES LTD.

EXIDE INDUSTRIES LTD.


 EMINENT CIO'S OF INDIA  EMINENT CIO'S OF INDIA

USING AI & BI OFFERINGS TO ADDRESS CLIENT NEEDS

In the fiscal year 2024-25, Assisto Technologies h...

SUSTAINING SUCCESS BY DELIVERING VALUE TO CUSTOMERS

This includes conducting regular audits, risk asse...

AIM TO PUT IA SOLUTIONS WITH A WIDE “GENERAL INTELLIGENCE” SCOPE INTO PRACTICE

Our firm is fortunate to be led by distinguished i...

 ICONS OF INDIA  Placeholder image

Icons Of India : Debjani Ghosh

Debjani Ghosh is the President of the National Association of Software...

Icons Of India : MUKESH D. AMBANI

Mukesh Dhirubhai Ambani is an Indian businessman and the chairman and ...

ICONS OF INDIA : SUNIL VACHANI

Sunil Vachani is the Chairman of Dixon Technologies (India) Ltd. Under...

 PARTNER SPEAKERS  EMINENT CIO'S OF INDIA

"WE BELIEVE IN FOSTERING COLLECTIVE GROWTH"

These insights inform strategic adjustments, improvements and ensuring communi...

Enhanced Skills & Expertise helping to better serve customers and stay ahead of the curve

Feedback Forms: Conducting surveys and collecting feedback from customers is a...

Revolutionizing surveillance industry with innovative range of accessories

Adoption of digital technology is essential for real growth and without this s...

 PSU  Placeholder image

ECIL - Electronics Corporation of India Limited

ECIL is distinguished by its diverse technological capabilities and it...

HPCL - Hindustan Petroleum Corporation Ltd.  

HPCL is an integrated oil and gas company involved in refining, market...

TCIL - Telecommunications Consultants India Limited  

TCIL is a government-owned engineering and consultancy company...

 VIDEOS  Placeholder image

 Top 25 Brands  Solution partners

Most Trusted Brands 2024: Nvidia Corporation

NVIDIA, founded in 1993, has evolved significantly over the years. Initially k...

Most Trusted Brands 2024 : TECH MAHINDRA

Tech Mahindra positions itself as a company that goes beyond just technology, ...

Most Trusted Brands 2024 : ACCENTURE PLC

Accenture is renowned for its commitment to technological innovation. It inves...

 Global Indian industry   Value-Added Distribution

Indian Tech Talent Excelling The Tech World - Aman Bhutani, CEO, GoDaddy

Aman Bhutani, the self-taught techie and CEO of GoDaddy, oversees a co...

Indian Tech Talent Excelling The Tech World - PADMASREE WARRIOR, Founder, President & CEO - Fable

Padmasree Warrior, the Founder, President, and CEO of Fable, is revolu...

Indian Tech Talent Excelling The Tech World - NIKESH ARORA, Chairman CEO - Palo Alto Networks

Nikesh Arora, the Chairman and CEO of Palo Alto Networks, is steering ...

 ITFORUM 2025  
 STARNITE AWARDS 2024  
   
 CMO of the Year   Placeholder image
 WOMEN LEADERSHIP  Placeholder image
 IMAGE GALLERY   Placeholder image
 TRENDS IN TECHNOLOGY  Placeholder image
MORE VIDEOS  Placeholder image
Brand Book
Brand Book
Brand Book
Brand Book
 ADVERTISEMENTS  Placeholder image
Brandbook Brandbook
 TECHNOLOGY DISRUPTION Placeholder image

WhatsApp to launch display banner to speak on the privacy policy

WhatsApp to launch display banner to speak on the privacy policy

Worldwide Device Shipments to Decline 4% in 2023

Worldwide Device Shipments to Decline 4% in 2023

Delhi & NCR Vi customers to enjoy stronger indoor 4G connectivity

Delhi & NCR Vi customers to enjoy stronger indoor 4G connectivity

Rockwell Automation and Microsoft to leverage Generative AI capabilities

Rockwell Automation and Microsoft to leverage Generative AI capabilities

 UNICORNS REVOLUTIONISING Placeholder image

Dreamplug Technologies Pvt Ltd.

Dreamplug Technologies Pvt Ltd.

Fractal Analytics Private Limited

Fractal Analytics Private Limited

Fashnear Technologies Private Limited

Fashnear Technologies Private Limited

Resilient Innovations Private Limited

Resilient Innovations Private Limited


Copyright www.mybrandbook.co.in @1999-2025 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org
of images belongs to the respective copyright holders
ADMIRED BRANDS

AFTER MARKET SERVICES

CATEGORIES

DISTRIBUTORS & VADs
GOVERNMENT BODIES

INDUSTRY BODIES

MAKE IN INDIA

EXPLORE THE NEW BRAND BOOK
CONTACT US

SUBSCRIBE NOW