UpdraftPlus is a plugin used by most WordPress sites for backing up data. This plugin is used by almost three million people worldwide. Previously, this plugin was reported to have an authenticated backup download vulnerability, in which an attacker can guess the timestamp of the backup and exploit it during the backup time.
UpdraftPlus released patches to fix the vulnerability by the time it surfaced. Most companies use the backup option as a safety measure. Backups can be considered an ocean of information that might even contain security credentials that can expose sensitive databases.
Companies usually prevent this information from going public. However, it was recently found that the time of the backup and its timestamp can be obtained relatively easily, making this vulnerability more exploitable.
Marc Montpas, a security researcher, recently reported that any logged-in user, including subscriber-level users, can download the backup data made with this…