Vigil@nce - WordPress UpdraftPlus: privilege escalation
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use WordPress UpdraftPlus, in order to escalate
his privileges.
– Impacted products: WordPress Plugins
– Severity: 2/4
– Creation date: 04/02/2015
DESCRIPTION OF THE VULNERABILITY
The UpdraftPlus plugin can be installed on WordPress.
However, an attacker can read the nonce, in order to perform
privileged operations.
An attacker can therefore use WordPress UpdraftPlus, in order to
escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WordPress-UpdraftPlus-privilege-escalation-16109