A new WordPress plugin vulnerability is now putting millions of users at risk. This security issue is specifically found on UpdraftPlus, a cloning plugin for WordPress.
John Heckert wipes his eyes as he uses a computer to fill out paperwork for unemployment insurance at Eastbay Works Oakland One-Stop Career Center August 5, 2010 in Oakland, California. U.S. jobless claims unexpectedly rose by 19,000 new claims for the week ending on July 31.
This online tool allows users to send an installed link to their backup via email. Many people are currently relying on UpdraftPlus since it is quite easy to use and offers many advanced features.
But, there's an issue with this clone WP plugin. Some security experts claimed that the main feature of UpdraftPlus is implemented in a poor manner.
Because of this, a new vulnerability appeared, which can put millions of WordPress users at risk.
New WordPress Plugin Flaw
According to TechRadar's latest report, the new UpdraftPlus vulnerability allows anyone, even sub-level subscribers, to create a valid link. This will allow them to acquire backup files.
Members of the National Assembly listen to US President Donald Trump (not pictured) delivering his addresses in Seoul on November 8, 2017. Trump's marathon Asia tour moves to South Korea, another key ally in the struggle with nuclear-armed North Korea, but one with deep reservations about the US president's strategy for dealing with the crisis. / AFP PHOTO / JIM WATSON
Wordfence, the threat intelligence agency, confirmed that the new flaw can allow anyone to access sensitive user data of UpdraftPlus users.
"The attack starts with the WordPress heartbeat function. The attacker needs to send a specially crafted heartbeat request containing a data[updraftplus] parameter," explained Wordfence experts via ZDNet.
Although the new flaw is quite serious, involved cybersecurity researchers said that users can still prevent the vulnerability from exploiting their passwords, identity information, and other sensitive data.
Update Your WP plugin Now
Wordfence is now urging UpdraftPlus users to update their plugins as soon as possible.
Security experts said this is a must since the new vulnerability can lead to massive breaches, especially if the attackers acquire database credentials from a configuration file.
They added that credential theft is most likely the first priority of cybercriminals if ever they gain access to the backups and database of UpdraftPlus.
In other news, some WordPress plugin flaws also put millions of websites at risk of cyberattacks. Meanwhile, Glow software company recently released an all-in-one WordPress site management tool.
For more news updates about WordPress and other related topics, always keep your tabs open here at TechTimes.
Related Article: Outdated WordPress Plug-ins, Themes Distribute Backdoors For Potential Supply Chain Attack, Jetpack Says
This article is owned by TechTimes
Written by: Griffin Davis
