THREAT OPS › Threat News › Critical Unauthenticated Authentication Bypass Vulnerability Patched in UpdraftPlus WordPress Plugin
Critical Unauthenticated Authentication Bypass Vulnerability Patched in UpdraftPlus WordPress Plugin
<p>On June 2nd, 2026, we received a submission for a critical Unauthenticated Authentication Bypass vulnerability in <a href="https://wordpress.org/plugins/updraftplus/" rel="noopener" target="_blank">UpdraftPlus</a>, a WordPress plugin with more than 3 million active installations. Although the plugin has such a large install base, the vulnerability is only exploitable on sites that have previous
MITRE ATT&CK techniques
- VulnerabilitiesT1588.006
Indicators of compromise
- 1c1b546a12d84fed2baef341908cf4a9md5
- CVE-2026-10795cve
- https://wordpress.org/plugins/updraftplus/url
- https://www.cve.org/CVERecord?id=CVE-2026-10795url
- www.gravatar.comdomain