WordPress Plugin Vulnerability

Overview

Over three million WordPress installations were affected by a vulnerability (CVE-2022-0633) in the UpdraftPlus backup plugin. Logged-in users could use it to access private backups, which should be restricted to administrators.

Impact

An unprivileged user could download database backups, which include website data, user account information and hashed passwords, as well as sensitive configuration files.

Affected Products

Every UpdraftPlus version between 1.16.7 and 1.22.3.

Containment, Mitigations & Remediations

Update the plugin and ensure auto-updates are enabled for quicker automatic remediation in future.
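
To find which sites still need the update, the following added example (not code from the UpdraftPlus project or from this advisory) scans a directory tree for UpdraftPlus copies and flags versions in the affected range. It assumes the default plugin path `wp-content/plugins/updraftplus/updraftplus.php` with a standard WordPress `Version:` header, and treats 1.22.3 as fixed because the reference under Further Information names it as the fixed release; the sample sites are constructed.

```python
import re
import tempfile
from pathlib import Path

# Range stated in the advisory; only this range is checked. The upper bound is
# exclusive because the advisory's reference names 1.22.3 as the fixed release.
FIRST_AFFECTED, FIXED_IN = (1, 16, 7), (1, 22, 3)
# Standard WordPress plugin header line, e.g. " * Version: 1.22.2"
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.M | re.I)


def parse_version(text):
    """Return the header version as a tuple of ints (padded to 3 parts), or None."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    return FIRST_AFFECTED <= version < FIXED_IN


def audit(root):
    """Return (file, version, status) per UpdraftPlus copy; assumes the default plugin path."""
    results = []
    for main in sorted(Path(root).rglob("wp-content/plugins/updraftplus/updraftplus.php")):
        head = main.read_bytes()[:8192].decode("utf-8", "replace")  # header sits near the top
        v = parse_version(head)
        status = "unknown" if v is None else "affected" if is_affected(v) else "ok"
        results.append((str(main), v, status))
    return results


def demo():
    """Audit a constructed tree of three sample sites (not real installations)."""
    samples = {"site-a": "1.22.2", "site-b": "1.22.3", "site-c": "1.16.6"}
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in samples.items():
            d = Path(tmp, site, "wp-content/plugins/updraftplus")
            d.mkdir(parents=True)
            (d / "updraftplus.php").write_text(f"<?php\n/*\nPlugin Name: UpdraftPlus\nVersion: {ver}\n*/\n")
        return [(Path(p).parts[-5], v, s) for p, v, s in audit(tmp)]


if __name__ == "__main__":
    for row in demo():
        print(*row)
```

Point `audit()` at the directory that holds your site roots; any copy reported as `unknown` has no readable version header and should be checked by hand.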

Threat Landscape

There’s no evidence of exploitation in the wild.
The exploit could be used to gain read access to the database but not to make changes, so it’s not immediately useful for ransomware attacks. Access to the passwords could allow additional access, but this would require further effort because they were stored in a hashed format.

Mitre Methodologies

T1212 – Exploitation for Credential Access

Further Information

Severe Vulnerability Fixed In UpdraftPlus 1.22.3