Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in UpdraftPlus WordPress Backup Plugin 1.16.56

  • Severity: high-risk
  • Status: Fixed
  • Publication: July 12, 2021

The UpdraftPlus plugin is a plugin for WordPress, a popular website building platform. In versions up to and including 1.16.56 of the plugin, there is a vulnerability called Local File Inclusion. This means that attackers who have administrator-level permissions on the website can use the vulnerability to include and execute any file on the server. This can allow them to bypass access controls, get sensitive information, or even execute certain types of code, even if the website only allows uploading of “safe” file types like images.

Detected in:

UpdraftPlus WordPress Backup & Migration Plugin fixed vulnerable versions:
UpdraftPlus WordPress Backup Plugin fixed vulnerable versions: >= * <= 1.16.56
UpdraftPlus: WP Backup & Migration Plugin fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.