Search Engine Journal

UpdraftPlus WordPress Vulnerability Puts 3 Million Sites At Risk via @sejournal, @martinibuster

A critical vulnerability in the UpdraftPlus WordPress plugin was disclosed on March 11, 2024, potentially exposing over 3 million websites to severe security risks. The flaw, identified as CVE-2024-27774, allows unauthenticated attackers to execute arbitrary code on affected WordPress installations. This could enable them to gain complete control of a website, upload malicious files, and compromise sensitive data. The vulnerability arises from insufficient validation of user-supplied data within the plugin's functionality.

UpdraftPlus, a widely used backup plugin, has a user base exceeding 3 million active installations, according to WordPress.org statistics. The security researchers at Wordfence first reported the vulnerability, highlighting its severity and the broad impact it could have across the WordPress ecosystem.

A patch was released by the UpdraftPlus developers on March 11, 2024, in version 1.23.3. Users are strongly advised to update their UpdraftPlus plugin to the latest version immediately to mitigate the risk of exploitation. Failure to do so leaves websites vulnerable to potential takeover and defacement.
