Friday, July 10, 2026 Everything about Online Businesses, Web & AI
About
Home / SEO
SEO

WordPress plugin can impact more than 3M installation

The new WordPress plugin “UpdraftPlus” came up with the vulnerability. This allows the hackers to download user names and passwords. It puts the resources at risk. The Automattic are calling it a “severe vulnerability”. UpdraftPlus is one of the popular WordPress plugins. It has active usage over 3

WordPress plugin can impact more than 3M installation

The new WordPress plugin “UpdraftPlus” came up with the vulnerability. This allows the hackers to download user names and passwords. It puts the resources at risk. The Automattic are calling it a “severe vulnerability”.

UpdraftPlus is one of the popular WordPress plugins. It has active usage over 3 million websites. This plugin also features the administrators to backup their WordPress installation. It was such an excellent plugin, enabling to backup of the entire database. The database can also feature credentials, passwords, and other information.

Publishers relied on this WordPress plugin. It also featured a high-security standard safeguarding sensitive data. Security researchers at Automattic Jetpack identified the vulnerability.

They also came up with the other two vulnerabilities. UpdraftPlus security tokens named “nonces” hold the potential to get leaked. An attacker can make the backup. To which WordPress gave defense on that issue. Nonces were also never meant for the first line of defense against the hacker.

WordPress also explained the first vulnerability, “Nonces should never be relied on for authentication, authorization, or access control. Protect your functions using current_user_can(), and always assume nonces can be compromised.”

The second vulnerability was the improper validation of the registered user’s role. WordPress developers to take steps to lock down plugins. The improper validation also allows the open-source download of any backup. It put out all the sensitive information at threat.

The United States Government National Vulnerability database showed concern. It cautions the use of UpdraftPlus. Also, it doesn’t confirm user experience and restrains the right privileges.

The vulnerability is severe. Also, ignoring the vulnerability, WordPress forced the automatic updates. The installations are not the latest version.

The latest UpdraftPlus free version is going to have the premium versions. They are more vulnerable to the attack. The free version 1.22.3 and the UpdraftPlus premium versions are also vulnerable to attack. Publishers are at their own risk to go ahead with these versions.

Advertisement
I

Ishita

Writer, E-commerce & Social

Ishita covers e-commerce, social platforms and the tools online sellers use to grow their stores and audiences.

More in SEO

View all
SEO

The Complete Guide to SEO in 2026

A comprehensive, practical guide to search engine optimization in 2026 — how search works now, the three pillars, keyword and content strategy, technical SEO, links, and how AI is changing the game.

Navneet · July 11, 2026

Keep up with the web & AI

New guides and analysis on SEO, e-commerce, domains and AI — every week.

Subscribe via RSS Browse all topics