Over three million WordPress installations were affected by a vulnerability (CVE-2022-0633) in the UpdraftPlus backup plugin. It could be used by logged-in users to access private backups, which should be restricted to administrators.
An unprivileged user could download database backups, which include website data, user account information and hashed passwords, as well as sensitive configuration files.
Every UpdraftPlus version between 1.16.7 and 1.22.3 is affected.
Containment, Mitigations & Remediations
Update the plugin and ensure auto-updates are enabled for quicker automatic remediation in future.
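To find installations that still need the update, the following added example (not part of the advisory and not UpdraftPlus code) walks a web root, reads each copy's `Version:` plugin header and compares it with the range above. It assumes 1.22.3 is the first fixed release, so the upper bound is exclusive, and that the plugin's main file is `updraftplus.php`; the site names and headers in `make_sample` are constructed.

```python
import re
import tempfile
from pathlib import Path

# Range from the advisory. Assumption: 1.22.3 is the first fixed release,
# so the upper bound is exclusive. Versions outside the range are reported
# as "not-in-range", not as safe.
FIRST_AFFECTED = (1, 16, 7)
FIRST_FIXED = (1, 22, 3)
MAIN_FILE = "wp-content/plugins/updraftplus/updraftplus.php"
# WordPress takes the plugin version from a "Version:" header comment line.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\d+(?:\.\d+)*)", re.M | re.I)


def parse_version(text):
    """Return the header version as a tuple of ints, or None if missing."""
    m = VERSION_RE.search(text[:8192])  # headers sit at the top of the file
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(version):
    if version is None:
        return "unknown"
    return "affected" if FIRST_AFFECTED <= version < FIRST_FIXED else "not-in-range"


def scan(root):
    """Map each install directory below root (e.g. /var/www) to a status."""
    root = Path(root)
    return {
        f.parents[3].relative_to(root).as_posix():
            classify(parse_version(f.read_text(errors="replace")))
        for f in sorted(root.rglob(MAIN_FILE))
    }


def make_sample(root):
    """Write constructed plugin headers for three made-up sites."""
    for site, header in {"shop": "Version: 1.22.1", "blog": "Version: 1.22.3",
                         "old": "Author: n/a"}.items():
        f = Path(root, site, MAIN_FILE)
        f.parent.mkdir(parents=True)
        f.write_text("<?php\n/*\nPlugin Name: UpdraftPlus\n" + header + "\n*/\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        for site, status in scan(tmp).items():
            print(f"{site}: {status}")
```

An `unknown` result means no version header could be read, so that copy needs a manual check.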
There’s no evidence of exploitation in the wild.
The exploit could be used to gain read access to the database but not to make changes, so it’s not immediately useful for ransomware attacks. Access to passwords could allow additional access, but this would require further effort as they were stored in a hashed format.
T1212 – Exploitation for Credential Access