CVE-2022-0633 - OpenCVE

The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Updraftplus	Updraftplus

Configuration 1 [-]

OR	cpe:2.3:a:updraftplus:updraftplus:::::free:wordpress::
	cpe:2.3:a:updraftplus:updraftplus:::::premium:wordpress::

No data.

References

Link	Providers
http://packetstormsecurity.com/files/166059/WordPress-UpdraftPlus-1.22.2-Backup-Disclosure.html
https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/
https://updraftplus.com/updraftplus-security-release-1-22-3-2-22-3/
https://wpscan.com/vulnerability/d257c28f-3c7e-422b-a5c2-e618ed3c0bf3

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-02-17T18:45:11

Updated: 2024-08-02T23:32:46.437Z

Reserved: 2022-02-16T00:00:00

Link: CVE-2022-0633

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-02-17T19:15:08.030

Modified: 2022-02-18T21:19:33.647

Link: CVE-2022-0633

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "UpdraftPlus WordPress Backup Plugin (Free)", "vendor": "UpdraftPlus", "versions": [{"lessThan": "1.22.3", "status": "affected", "version": "1.22.3", "versionType": "custom"}]}, {"product": "UpdraftPlus WordPress Backup Plugin (Premium)", "vendor": "UpdraftPlus", "versions": [{"lessThan": "2.22.3", "status": "affected", "version": "2.22.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Marc Montpas"}], "descriptions": [{"lang": "en", "value": "The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-18T18:06:20", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/d257c28f-3c7e-422b-a5c2-e618ed3c0bf3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://updraftplus.com/updraftplus-security-release-1-22-3-2-22-3/"}, {"tags": ["x_refsource_MISC"], "url": "https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/166059/WordPress-UpdraftPlus-1.22.2-Backup-Disclosure.html"}], "source": {"discovery": "EXTERNAL"}, "title": "UpdraftPlus Free < 1.22.3 & Premium < 2.22.3 - Subscriber+ Backup Download", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-0633", "STATE": "PUBLIC", "TITLE": "UpdraftPlus Free < 1.22.3 & Premium < 2.22.3 - Subscriber+ Backup Download"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "UpdraftPlus WordPress Backup Plugin (Free)", "version": {"version_data": [{"version_affected": "<", "version_name": "1.22.3", "version_value": "1.22.3"}]}}, {"product_name": "UpdraftPlus WordPress Backup Plugin (Premium)", "version": {"version_data": [{"version_affected": "<", "version_name": "2.22.3", "version_value": "2.22.3"}]}}]}, "vendor_name": "UpdraftPlus"}]}}, "credit": [{"lang": "eng", "value": "Marc Montpas"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-863 Incorrect Authorization"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/d257c28f-3c7e-422b-a5c2-e618ed3c0bf3", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/d257c28f-3c7e-422b-a5c2-e618ed3c0bf3"}, {"name": "https://updraftplus.com/updraftplus-security-release-1-22-3-2-22-3/", "refsource": "CONFIRM", "url": "https://updraftplus.com/updraftplus-security-release-1-22-3-2-22-3/"}, {"name": "https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/", "refsource": "MISC", "url": "https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/"}, {"name": "http://packetstormsecurity.com/files/166059/WordPress-UpdraftPlus-1.22.2-Backup-Disclosure.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/166059/WordPress-UpdraftPlus-1.22.2-Backup-Disclosure.html"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:32:46.437Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/d257c28f-3c7e-422b-a5c2-e618ed3c0bf3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://updraftplus.com/updraftplus-security-release-1-22-3-2-22-3/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/166059/WordPress-UpdraftPlus-1.22.2-Backup-Disclosure.html"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-0633", "datePublished": "2022-02-17T18:45:11", "dateReserved": "2022-02-16T00:00:00", "dateUpdated": "2024-08-02T23:32:46.437Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:updraftplus:updraftplus:*:*:*:*:free:wordpress:*:*", "matchCriteriaId": "24F5FC85-3B30-47E3-B4F1-45EA6B0CE29A", "versionEndExcluding": "1.22.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:updraftplus:updraftplus:*:*:*:*:premium:wordpress:*:*", "matchCriteriaId": "03044625-4866-42F4-8240-C7F7945339FF", "versionEndExcluding": "2.22.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup."}, {"lang": "es", "value": "El plugin UpdraftPlus Free de WordPress versiones anteriores a 1.22.3 y Premium versiones anteriores a 2.22.3, no comprueba apropiadamente que un usuario tenga los privilegios necesarios para acceder al identificador nonce de una copia de seguridad, lo que puede permitir a cualquier usuario con una cuenta en el sitio (como suscriptor) descargar la copia de seguridad m\u00e1s reciente del sitio y de la base de datos"}], "id": "CVE-2022-0633", "lastModified": "2022-02-18T21:19:33.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-17T19:15:08.030", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/166059/WordPress-UpdraftPlus-1.22.2-Backup-Disclosure.html"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://jetpack.com/2022/02/17/severe-vulnerability-fixed-in-updraftplus-1-22-3/"}, {"source": "contact@wpscan.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://updraftplus.com/updraftplus-security-release-1-22-3-2-22-3/"}, {"source": "contact@wpscan.com", "tags": ["Third Party Advisory"], "url": "https://wpscan.com/vulnerability/d257c28f-3c7e-422b-a5c2-e618ed3c0bf3"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "contact@wpscan.com", "type": "Secondary"}]}