Millions of WordPress sites get forced update to patch critical plugin flaw

by Dan Goodin, from Ars Technica

Millions of WordPress sites have received a forced update over the past day to fix a critical vulnerability in a plugin called UpdraftPlus.

The mandatory patch came at the request of UpdraftPlus developers because of the severity of the vulnerability, which allows untrusted subscribers, customers, and others to download the site's private database as long as they have an account on the vulnerable site. Databases frequently include sensitive information about customers or the site's security settings, leaving millions of sites susceptible to serious data breaches that spill passwords, user names, IP addresses, and more.

Bad outcomes, easy to exploit

UpdraftPlus simplifies the process of backing up and restoring website databases and is the Internet's most widely used scheduled backup plugin for the WordPress content management system. It streamlines data backup to Dropbox, Google Drive, Amazon S3, and other cloud services. Its developers say it also allows users to schedule regular backups and is faster and uses fewer server resources than competing WordPress plugins.
