
WordPress has a major security hole. A vulnerable plugin exposed millions of sites to attack


A popular WordPress backup plugin, with more than three million users, contained a serious vulnerability.


A vulnerable plugin exposed millions of WordPress sites to attack / image: Stephen Phillips, Unsplash.com

The vulnerability has now been patched, but it allowed cybercriminals to gain access to passwords, identity information, and other sensitive data.


As reported by Wordfence security researchers, their researcher Marc Montpas discovered a flaw in UpdraftPlus, a backup, restore and clone plugin for WordPress.

UpdraftPlus has a feature that emails a backup download link to the address provided by the site owner. However, this feature was not well implemented and, according to the researcher, it allowed almost anyone, even subscriber-level users, to create a valid link to download backup files.

Anyone using UpdraftPlus should install the update right away. The patched version is 1.22.3.

It is worth noting that, in order to exploit the vulnerability, the attacker had to have an active account on the site. However, the potential consequences were “extremely serious”, so the researchers emphasized the need for an update.
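To find installs that still need the update, the added example below (not code from UpdraftPlus or Wordfence) reads the plugin's `Version:` header under each WordPress root and compares it with 1.22.3, the only patched version the article names. The plugin path `wp-content/plugins/updraftplus/updraftplus.php` and the sample sites are assumptions constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (1, 22, 3)  # patched UpdraftPlus version named in the article
# Assumption: default plugin directory and main file name inside a WordPress root.
PLUGIN_MAIN = Path("wp-content/plugins/updraftplus/updraftplus.php")
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)\s*$", re.I | re.M)

def header_version(php_source):
    """Return the 'Version:' plugin header as a tuple of ints, or None."""
    match = VERSION_RE.search(php_source[:8192])  # header sits at the top of the file
    return tuple(int(p) for p in match.group(1).split(".")) if match else None

def needs_update(version):
    """True when version is lower than PATCHED (1.22 is treated as 1.22.0)."""
    width = max(len(version), len(PATCHED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(PATCHED)

def audit(roots):
    """Map each WordPress root to 'not installed', 'unknown', 'update' or 'ok'."""
    report = {}
    for root in map(Path, roots):
        main = root / PLUGIN_MAIN
        if not main.is_file():
            report[root.name] = "not installed"
            continue
        version = header_version(main.read_text(errors="replace"))
        if version is None:
            report[root.name] = "unknown"  # header missing or not purely numeric
        else:
            report[root.name] = "update" if needs_update(version) else "ok"
    return report

def demo():
    """Audit constructed sample sites built in a temporary directory."""
    samples = {"shop": "1.22.2", "blog": "1.22.3", "wiki": "1.22.10", "docs": None}
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in samples.items():
            if ver:  # "docs" has no UpdraftPlus install at all
                plugin = Path(tmp, name) / PLUGIN_MAIN
                plugin.parent.mkdir(parents=True)
                plugin.write_text(f"<?php\n/*\nPlugin Name: UpdraftPlus\nVersion: {ver}\n*/\n")
        return audit(Path(tmp, name) for name in samples)

if __name__ == "__main__":
    print(demo())
```

The tuple comparison matters for versions such as 1.22.10, which a plain string comparison would sort below 1.22.3.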

 

WordPress plugins offer great features, but unfortunately they often contain critical bugs. These can allow attackers to hijack your entire site.

Another vulnerability was discovered recently, this time in the “WordPress Email Template Designer – WP HTML Mail” plugin. It allows the injection of malicious JavaScript code that runs every time a site administrator opens the email template editor.

So if you build websites on WordPress, make sure they are kept up to date and secure.
