A high-severity vulnerability has been found in the UpdraftPlus: WP Backup & Migration Plugin, which is installed on more than 3 million WordPress sites.
The flaw is a PHP Object Injection issue: the plugin passes untrusted input to PHP's unserialize(), so an unauthenticated attacker who can get a crafted serialized string stored on the site can have it turned into a live PHP object when the plugin later processes that data.
The issue affects all plugin versions up to and including 1.24.11; version 1.24.12 contains the fix.
WordPress Plugin Flaw
The vulnerability is tracked as CVE-2024-10957 and carries a CVSS score of 8.8 (High).
It stems from the plugin's recursive_unserialized_replace function, which walks stored data during a search-and-replace and unserializes any string that looks like serialized PHP so it can rewrite the values inside it. Because the function does not restrict which classes may be instantiated, an attacker-controlled serialized string becomes an arbitrary object of any class loaded on the site, and that object's magic methods (such as __wakeup or __destruct) run.
No known POP (property-oriented programming) gadget chain exists in the plugin itself, so deserialization alone does not hand the attacker a direct impact. If another installed plugin or theme supplies a usable gadget chain, however, the injected object can be leveraged to do real damage.
The deserialization is only triggered when an administrator performs a search-and-replace action (for example while migrating a site), so the attacker plants the payload and waits for that step. When a gadget chain is available, the reported consequences are arbitrary file deletion, retrieval of sensitive data, and remote code execution.
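The following PHP is an added illustration for this article, not UpdraftPlus code: it does not reproduce the plugin's real recursive_unserialized_replace or the vendor's 1.24.12 patch. It models the pattern the advisory describes, a search-and-replace helper that unserializes any string that looks serialized, next to a hardened variant that forbids object instantiation. The LogCleanup gadget class, the sample rows, and the serialized payload are all constructed for the demonstration; a real gadget would come from some other plugin or theme.

```php
<?php
// Hypothetical "gadget": a class some other installed plugin or theme might ship.
// Its __destruct acts on attacker-controlled state; here it only reports what a
// real gadget would do instead of calling unlink().
class LogCleanup
{
    public $path;
    public function __destruct()
    {
        echo "[gadget fired] would unlink {$this->path}\n";
    }
}

// Cheap check that a string looks like PHP serialized data (a simplified stand-in
// for WordPress's is_serialized()).
function looks_serialized(string $s): bool
{
    return $s === 'b:0;' || (bool) preg_match('/^[aOsidb]:/', $s);
}

// True if the unserialized value holds any object that allowed_classes => false
// refused to instantiate (PHP hands those back as __PHP_Incomplete_Class).
function contains_incomplete_object($v): bool
{
    if ($v instanceof __PHP_Incomplete_Class) {
        return true;
    }
    if (is_array($v)) {
        foreach ($v as $item) {
            if (contains_incomplete_object($item)) {
                return true;
            }
        }
    }
    return false;
}

// VULNERABLE pattern: every string that looks serialized goes to unserialize()
// with no class restriction, so a serialized object that an anonymous user got
// stored in the database is instantiated and its magic methods run.
function recursive_replace_vulnerable(string $search, string $replace, $data)
{
    if (is_array($data)) {
        foreach ($data as $k => $v) {
            $data[$k] = recursive_replace_vulnerable($search, $replace, $v);
        }
        return $data;
    }
    if (is_object($data)) {
        foreach (get_object_vars($data) as $k => $v) {
            $data->$k = recursive_replace_vulnerable($search, $replace, $v);
        }
        return $data;
    }
    if (is_string($data) && looks_serialized($data)) {
        $inner = @unserialize($data);            // untrusted input reaches unserialize()
        if ($inner !== false || $data === 'b:0;') {
            // If $inner is a gadget object, its __destruct fires once this
            // temporary goes out of scope after serialize() returns.
            return serialize(recursive_replace_vulnerable($search, $replace, $inner));
        }
    }
    return is_string($data) ? str_replace($search, $replace, $data) : $data;
}

// HARDENED variant: allowed_classes => false means no class is ever instantiated
// from the blob, so there is no __wakeup/__destruct to trigger. Blobs that contained
// objects are left exactly as stored instead of being re-serialized blindly.
function recursive_replace_hardened(string $search, string $replace, $data)
{
    if (is_array($data)) {
        foreach ($data as $k => $v) {
            $data[$k] = recursive_replace_hardened($search, $replace, $v);
        }
        return $data;
    }
    if (is_string($data) && looks_serialized($data)) {
        $inner = @unserialize($data, ['allowed_classes' => false]);
        if ($inner !== false || $data === 'b:0;') {
            if (contains_incomplete_object($inner)) {
                return $data;
            }
            return serialize(recursive_replace_hardened($search, $replace, $inner));
        }
    }
    return is_string($data) ? str_replace($search, $replace, $data) : $data;
}

// Constructed sample rows: a legitimate serialized option an admin expects to be
// rewritten, and an attacker-supplied serialized LogCleanup object.
$payload = 'O:10:"LogCleanup":1:{s:4:"path";s:22:"/var/www/wp-config.php";}';
$rows = [
    'option_value'    => serialize(['home' => 'http://old.example/blog']),
    'comment_content' => $payload,
];

echo "-- vulnerable --\n";
$out = recursive_replace_vulnerable('http://old.example', 'https://new.example', $rows);
echo $out['option_value'], "\n";

echo "-- hardened --\n";
$out = recursive_replace_hardened('http://old.example', 'https://new.example', $rows);
echo $out['option_value'], "\n";
echo ($out['comment_content'] === $payload ? 'hostile blob left as stored' : 'blob modified'), "\n";
```

Run it with any PHP 7.0 or later CLI. In the vulnerable pass the gadget's __destruct runs during the legitimate-looking search-and-replace; in the hardened pass the ordinary serialized option is still rewritten (with its string length prefix corrected, which is the reason such code unserializes at all), while the hostile blob never becomes an object. Whether UpdraftPlus 1.24.12 uses allowed_classes or a different mitigation is not stated in this article and is not claimed here.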
Site owners running UpdraftPlus should update to version 1.24.12 or later. The update can be applied from the WordPress dashboard's Plugins screen without any technical work. Until the update is in place, avoid running the plugin's search-and-replace, since that is the step that triggers the deserialization.
Updating the plugin removes the deserialization entry point, and with it the risk of file deletion, data theft, or remote code execution through an injected object. Because the impact depends on gadget chains in other installed code, it is also worth reviewing which plugins and themes are present and removing any that are unused or unmaintained, which shrinks the pool of classes an injected object could reach.
Keeping all plugins and themes current, and acting quickly on advisories such as CVE-2024-10957, remains the most reliable way to keep a WordPress site out of reach of this class of bug.