Millions of WordPress sites receive forced patch for critical plugin flaw | Engadget

Millions of WordPress sites receive forced patch for critical plugin flaw

The patch is for UpdraftPlus, a popular plugin that allows users to create and restore website backups. UpdraftPlus developers requested the mandatory patch, as the vulnerability would allow anyone with an account to download a website's entire database.

The bug was discovered by Jetpack security researcher Marc Montpas during a security audit of the plugin. "This bug is pretty easy to exploit, with some very bad outcomes if it does get exploited," he told. "It made it possible for low-privilege users to download a site's backups, which include raw database backups."

He told UpdraftPlus developers about the bug on Tuesday last week; they fixed it a day later and started force-installing the patch shortly after that. As of Thursday, 1.7 million sites had received it, out of 3 million-plus users. The main flaw was that UpdraftPlus didn't correctly implement WordPress's "heartbeat" function: it failed to properly check whether users had administrative privileges. Another issue was a variable used to validate admins that could be modified by untrusted users. Jetpack provided more details about how a hack could work in a
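The class of flaw described above, a heartbeat handler that answers any logged-in user, is avoided by checking the caller's capability on the server before responding. The following is an added example for a hypothetical plugin, not code from UpdraftPlus, Jetpack or the article; the `example_backup` key, the nonce action and the option name are assumptions.

```php
<?php
/**
 * Plugin Name: Example Backup Heartbeat (illustrative only)
 *
 * Hypothetical plugin: the 'example_backup' key, the nonce action and the
 * option name are assumptions made for this example.
 */
defined( 'ABSPATH' ) || exit;

const EXAMPLE_BACKUP_NONCE = 'example_backup_heartbeat';

/**
 * Heartbeat handler. WordPress fires 'heartbeat_received' for every
 * logged-in user, subscribers included, so reaching this function proves
 * authentication only, not authorization.
 */
function example_backup_heartbeat( $response, $data, $screen_id ) {
    // Ignore heartbeat ticks that carry nothing for this plugin.
    if ( empty( $data['example_backup'] ) || ! is_array( $data['example_backup'] ) ) {
        return $response;
    }
    $request = $data['example_backup'];

    // Authorization comes from the current user's server-side capabilities,
    // never from a field or variable the request can influence.
    if ( ! current_user_can( 'manage_options' ) ) {
        return $response;
    }

    // Tie the request to a nonce issued on the plugin's own admin screen.
    $nonce = isset( $request['nonce'] ) ? (string) $request['nonce'] : '';
    if ( ! wp_verify_nonce( $nonce, EXAMPLE_BACKUP_NONCE ) ) {
        return $response;
    }

    // Only now return data meant for administrators.
    $response['example_backup'] = array( 'status' => example_backup_status() );
    return $response;
}
add_filter( 'heartbeat_received', 'example_backup_heartbeat', 10, 3 );

/** Reads the last recorded backup status (hypothetical option name). */
function example_backup_status() {
    return get_option( 'example_backup_last_status', 'idle' );
}
```

The nonce would be created with `wp_create_nonce( EXAMPLE_BACKUP_NONCE )` on the plugin's settings page, which itself must be restricted to administrators.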
