CVE-2022-0633

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup.
Configurations

Configuration 1

cpe:2.3:a:updraftplus:updraftplus:*:*:*:*:premium:wordpress:*:*
cpe:2.3:a:updraftplus:updraftplus:*:*:*:*:free:wordpress:*:*

Information

Published : 2022-02-17 07:15

Updated : 2022-02-18 09:19


NVD link : CVE-2022-0633

Mitre link : CVE-2022-0633

Products Affected
No products.
CWE