THREATOPS
THREAT OPSThreat News › Critical Unauthenticated Authentication Bypass Vulnerability Patched in UpdraftPlus WordPress Plugin

Critical Unauthenticated Authentication Bypass Vulnerability Patched in UpdraftPlus WordPress Plugin

lowwordfencePublished 2026-06-10

<p>On June 2nd, 2026, we received a submission for a critical Unauthenticated Authentication Bypass vulnerability in <a href="https://wordpress.org/plugins/updraftplus/" rel="noopener" target="_blank">UpdraftPlus</a>, a WordPress plugin with more than 3 million active installations. Although the plugin has such a large install base, the vulnerability is only exploitable on sites that have previous

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://www.wordfence.com/blog/2026/06/critical-unauthenticated-authentication-bypass-vulnerability-patched-in-updraftplus-wordpress-plugin/