The restored_plugins() function contains multiple security vulnerabilities including insecure deserialization of untrusted data and insufficient authorization checks for plugin deactivation operations.

This vulnerability affects the following application versions:

  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.13
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.15
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.23.16
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.1
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.2
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.3
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.4
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.5
  • UpdraftPlus: WordPress Backup & Migration Plugin 1.24.6

Skriv et svar

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *