Security Advisory

CVE-2022-0633

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-02-17 18:45:11

Last updated 2024-08-02 23:32:46

Assigner WPScan

State PUBLISHED

Description

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backups nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup.

← Browse all CVEs View on cve.org ↗