CVE-2022-0633: UpdraftPlus Free < 1.22.3 & Premium < 2.22.3 - Subscriber+ Backup Download

Vendor: Updraftplus
Product: UpdraftPlus WordPress Backup Plugin (Free)
Weakness: CWE-863 · Incorrect authorization
Published: February 17, 2022
Last update: August 2, 2024

What the vulnerability does

01 Description

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate that a user has the required privileges to access a backup's nonce identifier, which may allow any user with an account on the site (such as a subscriber) to download the most recent site and database backup.

Key dates

02 Disclosure timeline

February 17, 2022: CVE published
August 2, 2024: Record updated