A new ‘vulnerability’ has been exposed in Updraft and Updraft Plus. Updraft and Updraft Plus are WordPress plugins that are designed for backing up, restoring and cloning your WordPress installation. It is described as “The world’s most trusted WordPress backup, restore and clone plugin“.
The only thing that has been released to the public at this time is from the developer of Updraft in a message , which states: “The short version is: you should update. To get the details, read on.”. You can read Updraft’s write-up on these new releases.
Ironically, on their website they state: Hacking, server crashes, dodgy updates or simple user error can ruin your WordPress site. That’s why you need UpdraftPlus. Keep your WordPress site safe and install now!
There is much in the detail department about the vulnerability, just that you need to update your plugins. Version 1.22.4 of Updraft and version 2.22.4 of Updraft Plus are patched from this vulnerability.
Any WordPress website that Simply Web Services manages that uses this plugin has already been updated. For more informaiton about this vulnerability, please see CVE-2022-23303