Download Certificate- CMOs | ECIO | Most Admired Brand | Most Trusted Company

Over 3 million Installations were impacted by WordPress Backup Plugin Vulnerability


By MYBRANDBOOK


Over 3 million Installations were impacted by WordPress Backup Plugin Vulnerability

A vulnerability was discovered for UpdraftPlus, a WordPress plugin with over 3 million installations. If exploited, the vulnerability could grant attackers access to privileged information from the affected site's database like usernames and hashed passwords.

 

The issue was discovered during an internal audit of the UpdraftPlus plugin. A team of researchers uncovered an arbitrary backup download vulnerability that could allow low-privileged users like subscribers to download a site's latest backups.

 

Two previously unknown vulnerabilities were discovered. The first was related to how UpdraftPlus security tokens called, nonces, could be leaked. This allowed an attacker to obtain the backup, including the nonce.

 

The second vulnerability was tied to an improper validation of a registered user’s role, precisely what WordPress warns that developers should take steps to lock down plugins. The improper user role validation allowed someone with the data from the previous vulnerability to download any of the backups, which of course contains sensitive information.

 

Updraftplus allows WordPress administrators to back up their WordPress installations, including the entire database which contains user credentials, passwords and other sensitive information. Publishers rely on UpdraftPlus to adhere to the highest standards of security in their plugin because of how sensitive the data is that’s backed up with the plugin.

 

The Wordfence Threat Intelligence team said, “The attack starts with the WordPress heartbeat function. The attacker needs to send a specially crafted heartbeat request containing a data[updraftplus] parameter. By supplying the appropriate sub parameters, an attacker is able to obtain a backup log containing a backup nonce and timestamp which they can then use to download a backup.”

 

It further urged all users running the UpdraftPlus plugin to update to the latest version of the plugin, which is version 1.22.3 as of this writing, as soon as possible, since the consequences of a successful exploit would be severe.
 BREAKING NEWS  BREAKING NEWS
Telecom players request Government to address revenue sharing mod

Telecom players request Government to address revenue sharing mod...

Telecom operators Bharti Airtel, Reliance Jio and Vodafone Idea repres...

Dell Technologies and Alienware unveil the new Alienware x16 R2 i

Dell Technologies and Alienware unveil the new Alienware x16 R2 i...

Dell Technologies and Alienware have launched the new Alienware x16 R2 in...

BharatPe introduces BharatPe One, an all-in-one payment device

BharatPe introduces BharatPe One, an all-in-one payment device...

BharatPe introduced BharatPe One, a multipurpose payment device that combi...

RBI gives PayU permission to function as a payment aggregator

RBI gives PayU permission to function as a payment aggregator...

The Reserve Bank of India has given PayU permission in principle to fun...

 TECHNO TRENDS  Placeholder image
TAC Security becomes Cyber Security Assessor for the App Defen

TAC Security becomes Cyber Security Assessor for the App Defen

The cybersecurity company, TAC Security has been selected as a key Cyber ...

InterGlobe’s Rahul Bhatia and C.P. Gurnani together announce

InterGlobe’s Rahul Bhatia and C.P. Gurnani together announce

In a move that is set to transform the AI landscape, Rahul Bhatia, Group M...

Download masked Aadhaar to improve privacy

Download masked Aadhaar to improve privacy

Download a masked Aadhaar from UIDAI to improve privacy. Select masking w...

Sterlite Technologies' Rs 145 crore claim against BSNL rejecte

Sterlite Technologies' Rs 145 crore claim against BSNL rejecte

An arbitrator has rejected broadband technology company Sterlite Technolog...

 E-Magazine 
 TECHNOTAINMENT  Placeholder image
ED attaches Raj Kundra, Shilpa Shetty’s Rs 97 crore worth as

ED attaches Raj Kundra, Shilpa Shetty’s Rs 97 crore worth as

Salman Khan trolled for singing with B Praak at Anant Ambani's

Salman Khan trolled for singing with B Praak at Anant Ambani's

To celebrate Mukesh Ambani's youngest son Anant Ambani’s 29th birthday

Disney+ Hotstar wins the Best OTT Platform of the year

Disney+ Hotstar wins the Best OTT Platform of the year

Film Critics Guild and Group M Motion Entertainment, in collaboration with

 MOVERS & SHAKERS  Placeholder image
Nium Appoints Alexandra Johnson appoints as Chief Payments Off

Nium Appoints Alexandra Johnson appoints as Chief Payments Off

SISL elevates Ankita Wadhawan as CEO—End User Computing

SISL elevates Ankita Wadhawan as CEO—End User Computing

The IT service provider, SISL in a LinkedIn post announced the elevation

InfoVision appoints Radhika Venkatraman to its Advisory Board

InfoVision appoints Radhika Venkatraman to its Advisory Board

Global digital services company, InfoVision has announced the appointment
 OPEN YOUR EYES  Placeholder image

Changing Dynamics Of Cybersecurity In The Age of Coronavirus

How Technology companies are bringing innovative solutions during COVID-19
CIO’s should have the understanding "Jugaad" to overcome technology challenges
Now WFH To Be Adopted As The Best Practices By Many Organisations
The rise in internet usage has opened the doors to conduct cyber-attacks
 INTERVIEWS  Placeholder image
A few changes in policies can make the PLI scheme even more ef

A few changes in policies can make the PLI scheme even more ef

Commvault leading the next generation of data protection throu

Commvault leading the next generation of data protection throu

A valued brand, Commvault reinforces the commitment to protect customer dat
CommScope celebrates its 25 years of legacy in India by contin

CommScope celebrates its 25 years of legacy in India by contin

A strong brand must also reflect the company values and speak exactly what

 HOT PICK  Placeholder image
COLORFUL rolls out an array of gaming laptops

COLORFUL rolls out an array of gaming laptops

Dell Technologies launches new AI-powered commercial PC portfo

Dell Technologies launches new AI-powered commercial PC portfo

Dell Technologies has launched the broadest portfolio of commercial AI lap
Canon India Introduces 4K Remote PTZ Camera Controller & 4K In

Canon India Introduces 4K Remote PTZ Camera Controller & 4K In

Canon India, a leading company in digital imaging solutions, further solidi
 MAKE IN INDIA BRANDS   Placeholder image
FIREBOLTT

FIREBOLTT


SECUREYE SERVICES PVT. LTD. 

SECUREYE SERVICES PVT. LTD. 


TATA CONSULTANCY SERVICES

TATA CONSULTANCY SERVICES


TEJAS NETWORKS INDIA PVT. LTD.  

TEJAS NETWORKS INDIA PVT. LTD.  


 EMINENT CIO'S OF INDIA  EMINENT CIO'S OF INDIA

Promising to deliver significant value and enhance customer experience with proactive solutions

As a technology leader and that too of a Firm whic...

Leveraging turnkey projects from conceptualisation to operationalising the projects with technology infusion

Technical projects require a close review of appli...

Changing with market conditions & meeting customer expectations key for businesses to stay relevant and thrive

Digital Transformation by exploring cutting-edge t...

 ICONS OF INDIA  Placeholder image

Technology Icons Of India 2023: Deepinder Goyal

Deepinder Goyal is the Founder and CEO of Zomato. Deepinder, or Deepi,...

Technology Icons Of India 2023: Madhabi Puri Buch

Madhabi Puri Buch is the chairperson of the securities regulatory body...

Technology Icons Of India 2023: Gautam Adani

Gautam Adani is the Founder and the Chairman of the Adani Group, an In...

 PARTNER SPEAKERS  EMINENT CIO'S OF INDIA

Arrow PC Network Empowering Businesses with Visionary Technology Solutions for a Brighter Future

Being in the IT Sector for more than 30 years, the Founder & MD of Arrow PC Ne...

PSSPL strategically Investing in Skills, partnership,and products to cater to its Customers and IT Demands

PSSPL has been working with its customers who are early in using new technolog...

BM Infotrade prioritising digital transformation and CX, while fostering innovation and agility

Undoubtedly people tend to resist the change and find it difficult to adapt to...

 PSU  Placeholder image

INDIANOIL helps reach precious petroleum fuels to every nook and corner of the country 

IndianOil, a diversified, integrated energy major with presence in alm...

STPI encouraging software exports from India  

Software Technology Parks of India (STPI) is an S&T organization under...

HPCL is transforming the energy landscape, across the nation and beyond 

HPCL is world-class energy company known for caring and delighting the...

 VIDEOS  Placeholder image

 Top 25 Brands  Solution partners

Most Trusted Brands 2023 : Tata Consultancy Services (TCS)  

TCS’s commitment to innovation helps it stay ahead of the competition and de...

Most Trusted Brands 2023 : LTImindtree

LTIMindtree is a global technology consulting and digital solutions company t...

Most Trusted Brands 2023 : Reliance Jio Infocomm Limited  

Jio’s vision is to transform India with the power of digital revolution, to...

 Value-Added Distribution  Value-Added Distribution

REDINGTON INDIA LIMITED

Redington (India) Limited operates in the IT product distribution busi...

B D SOFTWARE

BD Software is the distributor of IT security solutions in India. The ...

M. TECH SOLUTIONS (I) PVT. LTD.

M.Tech is a leading cyber security and network performance solutions ...

 ITFORUM 2024  
 WIITF 2024  
   
 CMO of the Year   Placeholder image
 WOMEN LEADERSHIP  Placeholder image
 EMINENT CIO's OF INDIA   Placeholder image
 TRENDS IN TECHNOLOGY  Placeholder image
MORE VIDEOS  Placeholder image
Brand Book
Brand Book
Brand Book
Brand Book
 ADVERTISEMENTS  Placeholder image
 TECHNOLOGY DISRUPTION Placeholder image

Supreme Court's E-Committee releases Manual for its free

Supreme Court's E-Committee releases Manual for its free "e-Courts Services Mobile App" in 14 languages

BEL & IAI sign MoU to address requirements in Short Range Air Defence Systems’ domain

BEL & IAI sign MoU to address requirements in Short Range Air Defence Systems’ domain

Glitches in digital currency raises concerns Globally

Glitches in digital currency raises concerns Globally

Headcount downsizes attributed largely due to increased automation

Headcount downsizes attributed largely due to increased automation

 UNICORNS REVOLUTIONISING Placeholder image

Big Tree Entertainment Private Limited

Big Tree Entertainment Private Limited

Chargebee Technologies Private Limited

Chargebee Technologies Private Limited

A&A DUKAAN FINANCIAL SERVICES PRIVATE LIMITED

A&A DUKAAN FINANCIAL SERVICES PRIVATE LIMITED

Freshworks Inc.

Freshworks Inc.


Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org
ADMIRED BRANDS

AFTER MARKET SERVICES

CATEGORIES

DISTRIBUTORS & VADs
GOVERNMENT BODIES

INDUSTRY BODIES

MAKE IN INDIA

CONTACT US

SUBSCRIBE NOW