Bluehost Emergency Updates

Viewing 4 posts - 1 through 4 (of 4 total)
  • #113258
    Bob
    Participant

    I’m afraid Bluehost is once again confused about the version numbers on the paid and free versions of UpdraftPlus. They’re sending all my paid version clients emails similar to the one forwarded below. I’ve opened a tech support case explaining the error, but it will probably never get beyond Level 1 support–so let’s hope whoever is actually preparing the update has a clue and they don’t end up corrupting any installs.

    ---------- Forwarded message ----------
    From: BlueHost.com <[email protected]>
    Date: Wed, Apr 22, 2015 at 2:40 PM
    Subject: WordPress Emergency Plugin Update(s) for flyingsealsystems.com
    To: [email protected]

    Dear Robert,

    A new version of the WordPress plugin “UpdraftPlus Backup and Restoration” (1.9.64) has been released. A recent hack was found in older versions of this plugin which allows an attacker to perform Cross-site Scripting (XSS) with no authentication required.

    Over the next 48 hours we will be making every attempt to upgrade any “UpdraftPlus Backup and Restoration” plugins to the most recent version 1.9.64. We strongly encourage you to check your plugin version to make sure it is on the newest version. We also recommend you update your WordPress installation(s), plugins, and themes to the most current versions to prevent any additional vulnerabilities.

    <snip>

    #113259
    udadmin
    Keymaster

    Hi Bob,

    You ought to be safe this time. Paid UpdraftPlus versions now begin with a 2. in the version number – e.g. 2.9.64.1. So, presuming that their tool does any kind of version number comparison, the latest free version, 1.9.64, can’t be counted as later than any paid version, even if the paid version hasn’t been updated to the latest.

    Best wishes,
    David

    #113262
    Bob
    Participant

    Thanks–good point. That assumes, of course, that they’re actually smart enough to do a “greater-than-or-equal-to”, rather than just an “equal-to”. :)

    #113298
    Bob
    Participant

    By the way, kudos for coming up with the 2.x idea. That was an absolutely brilliant solution to this problem.

    Bob
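
Added example (not part of the thread, and not Bluehost's or UpdraftPlus's code): a small model of the update decision the posts discuss, comparing an ordered version check with an equality-only check against the free release 1.9.64. The function names and the versions 1.9.60 and 2.9.60 in the inventory are constructed for illustration; how Bluehost's tool actually compares versions is not stated in the thread.

```python
import re


def parse_version(v):
    """Split a dotted version such as '2.9.64.1' into a tuple of ints."""
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"unsupported version string: {v!r}")
    return tuple(int(part) for part in v.split("."))


def compare(a, b):
    """Return -1, 0 or 1; missing trailing components count as 0."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def should_overwrite_ordered(installed, target):
    """Ordered check: replace only a copy that is older than the target."""
    return compare(installed, target) < 0


def should_overwrite_equality(installed, target):
    """Equality-only check: replace anything that is not exactly the target."""
    return compare(installed, target) != 0


TARGET = "1.9.64"  # free release named in the forwarded e-mail

# Constructed inventory: 1.9.64 and 2.9.64.1 appear in the thread,
# 1.9.60 (older free) and 2.9.60 (older paid) are made up for the example.
INSTALLED = ["1.9.60", "1.9.64", "2.9.60", "2.9.64.1"]


def plan(check):
    """List the installed versions that the given check would overwrite."""
    return [v for v in INSTALLED if check(v, TARGET)]


if __name__ == "__main__":
    print("ordered check overwrites :", plan(should_overwrite_ordered))
    print("equality check overwrites:", plan(should_overwrite_equality))
```

With the ordered check only the outdated free install is touched, including when the paid install is itself behind; with the equality-only check every paid install would be replaced by the free build.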

  • The topic ‘Bluehost Emergency Updates’ is closed to new replies.