UpdraftPlus: WordPress Backup & Migration Plugin is a plugin used by websites running WordPress. All versions up to, and including, 1.23.10 contain a vulnerability caused by missing nonce validation and insufficient validation of the instance_id on the ‘updraftmethod-googledrive-auth’ action, which is used to update the Google Drive remote storage location. If an attacker can get a site administrator to click on a malicious link, the attacker can send a forged request that changes the Google Drive location where backups are sent. This can result in the attacker receiving backups for the site, which might contain sensitive information.
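A hardened handler for an admin action of this kind, as an added example (it is not UpdraftPlus code and not the plugin's actual fix): it applies the two checks the advisory names, nonce validation and instance_id validation, alongside a capability check. Every `example_*` name, the option layout and the URL parameters are assumptions made for illustration; the WordPress functions are core API.

```php
<?php
// Added example: hypothetical plugin code, not taken from UpdraftPlus.
// All "example_*" names and the option layout are assumptions.

// Link rendered on the settings page. The nonce is bound to the logged-in
// user's session and to this action and instance.
function example_storage_auth_url( $instance_id ) {
    $url = add_query_arg(
        array(
            'page'        => 'example-backup',
            'action'      => 'example-storage-auth',
            'instance_id' => $instance_id,
        ),
        admin_url( 'options-general.php' )
    );
    return wp_nonce_url( $url, 'example-storage-auth_' . $instance_id );
}

function example_storage_auth_handler() {
    if ( ! isset( $_GET['action'] ) || 'example-storage-auth' !== $_GET['action'] ) {
        return;
    }

    // Capability check: only administrators may change where backups go.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // instance_id validation: accept only an ID already present in the
    // stored settings, never an arbitrary value taken from the request.
    $instance_id = isset( $_GET['instance_id'] )
        ? sanitize_key( wp_unslash( $_GET['instance_id'] ) )
        : '';
    $instances = get_option( 'example_storage_instances', array() );
    if ( '' === $instance_id || ! isset( $instances[ $instance_id ] ) ) {
        wp_die( 'Unknown storage instance.', '', array( 'response' => 400 ) );
    }

    // Nonce validation: a request forged from another site cannot carry a
    // valid _wpnonce, so execution stops here before any setting changes.
    check_admin_referer( 'example-storage-auth_' . $instance_id );

    // Only now continue the storage authorisation flow for this instance.
    $instances[ $instance_id ]['auth_pending'] = true;
    update_option( 'example_storage_instances', $instances );
}
add_action( 'admin_init', 'example_storage_auth_handler' );
```

Binding the nonce action string to the instance_id means a nonce issued for one storage instance cannot be replayed against another.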