Vulnerability found in WordPress plugin with over 3 million installations
Massive botnet attack that generated 400 million requests stopped
February 21, 2022
CISA Lists Free Cybersecurity Services and Tools
February 22, 2022
Summary:
Updates have been released for UpdraftPlus, a WordPress plugin with more than three million installations, after a vulnerability was discovered by security researcher. In a blog post, the Wordfence Threat Intelligence team explained that the vulnerability allows any logged-in user, including subscriber-level users, to download backups made with the plugin. Backups are a treasure trove of sensitive information, and frequently include configuration files that can be used to access the site database as well as the contents of the database itself, the WordPress security company explained. The researchers examined the patch and were able to create a proof of concept. In an original version of the blog, Wordfence said the attacker would need to begin their attack when a backup was in progress, and would need to guess the appropriate timestamp to download a backup. But it was later updated to say Wordfence found that it is possible to obtain a full log containing a backup nonce and timestamp at any time, "making this vulnerability significantly more exploitable."
Additional Discussion:
Link
