[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWKLURN0KNDf1Iom7upvTjl-nyZzneLKtM9cJkzSCPU4":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"WF-c75bfba9-b25a-4966-835c-8d22736de809-updraftplus","updraftplus-wordpress-backup-plugin-nonce-leak-to-authorization-bypass","UpdraftPlus WordPress Backup Plugin \u003C= 1.9.50 - Nonce Leak to Authorization Bypass","The UpdraftPlus WordPress Backup Plugin for WordPress is vulnerable to nonce leak which leads to authorization bypass in versions up to, and including, 1.9.50. This is due to incorrect use of several 'admin_action_' hooks. This makes it possible for authenticated attackers to arbitrarily upload files, download backups and retrieve secret keys.","updraftplus",null,"\u003C1.9.51","1.9.51","critical",9.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:H\u002FI:H\u002FA:H","Improper Privilege Management","2015-02-03 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc75bfba9-b25a-4966-835c-8d22736de809?source=api-prod",3276]