Searchenginejournal.com

WordPress Backup Plugin Vulnerability Impacted 3+ Million Installations

Security researcher at Automattic discovered a vulnerability affecting popular WordPress backup plugin, UpdraftPlus. The vulnerability allowed hackers to download user names and hashed passwords.
Ars Technica

Millions of WordPress sites get forced update to patch critical plugin flaw

Millions of WordPress sites have received a forced update over the past day to fix a critical vulnerability in a plugin called UpdraftPlus. The mandatory patch came at the request of UpdraftPlus ...