According to security experts, a popular WordPress plugin contains a bug that could compromise user data and even hijack vulnerable websites. The solution is to update as soon as possible.
The plugin, UpDraftPlus, is commonly used to back up users’ data. As a result, it stores valuable information such as configuration files that can lead hackers directly into the sensitive contents of databases. The bug, CVE-2022-0633, allows any logged-in user to download backups made with the vulnerable plugin. The vulnerability makes it possible for the backup link to be sent to any email address.
Those who fall victim to this attack are likely to experience serious consequences. These may include leaked personally identifiable information (PII) and compromised passwords. It is recommended that all UpDraftPlus users upgrade to version 1.22.3 to avoid becoming a victim of this vulnerability.
Taking proactive measures is crucial for organizations and individuals who use WordPress. Still, part of the onus also lies with the developers of this popular platform. It is easy for hackers to infiltrate WordPress because of its numerous plugins. Some of these add-ons are highly sophisticated and secure, but this cannot be said of them all. Preventing similar bugs in the future will require that WordPress hire a permanent threat intelligence and prevention team whose only job is to detect vulnerabilities and leaks in third-party plugins.