Critical Unauthenticated Authentication Bypass Vulnerability Patched in UpdraftPlus WordPress Plugin 

On June 2nd, 2026, we received a submission for a critical Unauthenticated Authentication Bypass vulnerability in UpdraftPlus, a WordPress plugin with more than 3 million active installations. Although the plugin has such a large install base, the vulnerability is only exploitable on sites that have previously been connected to UpdraftCentral, the plugin’s remote site management dashboard.
The post Critical Unauthenticated Authentication Bypass Vulnerability Patched in UpdraftPlus WordPress Plugin appeared first on Wordfence.WordfenceRead More