Support » Plugin: UpdraftPlus WordPress Backup Plugin » SSRF vulnerability (Server-Side Request Forgery)

  • Resolved dydydy


    Reading the code of your plugin, I think you have a SSRF vulnerability.
    SSRF vulnerability has been found in the file /UpdraftPlus/admin.php parameter uri.
    The poc is:

    I still looking for more security issues in the application. If I find more I will contact you.I hope this helps you in improving the security of you application and look forward to new versions of the application being released.
    If you approve this vulnerability,please add author information to release changelog or readme, i will appreciate it.

    dydydy # ADLab of Venustech

    • This topic was modified 6 months, 1 week ago by  dydydy.
Viewing 1 replies (of 1 total)
  • Plugin Author David Anderson


    No, it’s intended that the user can provide an arbitrary URL there. The nonce and permissions check ensure that only a logged-in WP admin can use it. And of course, a logged-in WP admin can install any plugin that can do anything. So, there’s no issue here.

Viewing 1 replies (of 1 total)
  • The topic ‘SSRF vulnerability (Server-Side Request Forgery)’ is closed to new replies.