A vulnerability in the UpdraftPlus: WP Backup & Migration Plugin affects over 3 million WordPress websites and allows unauthenticated attackers to execute commands as an administrator.

not specified

Who

unauthenticated attackers, UpdraftPlus, WordPress

What

When

Thu, 11 Jun 2026 10:23:42 GMT · 2h 50m ago

Where

not specified ·

Why

The vulnerability is due to insufficient validation of the remote communications message format, allowing signature verification to be bypassed.

The Frontline Impact

How this affects you

This flaw enables attackers to upload and activate malicious plugins, which can lead to remote code execution and potentially give them control over compromised websites. Wordfence reported blocking 8,172 attacks attempting to exploit this vulnerability within a 24-hour period.

Story chain

1 event in this thread

No related history yet - this is the origin event.

Verified Sources & Citations

Search Engine Journal
https://www.searchenginejournal.com/updraftplus-wordpress-vulnerability-puts-3-million-sites-at-risk/578912/
HIGH

Credibility ratings reflect the AI ingestion pipeline's assessment of source provenance.