CVE-2026-10795

HIGH EXPLOITED NUCLEI LAB

UpdraftPlus: WP Backup & Migration Plugin <= 1.26.4 - Unauthenticated Authentication Bypass via UpdraftCentral udrpc

Title source: cna

Exploitation Summary

CVE-2026-10795 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including rootdirective-sec, webshellseo8, izxci. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2026-10795, targeting a vulnerability in UpdraftPlus. The exploit demonstrates a forged RPC message attack using a null key and IV, allowing arbitrary plugin uploads in a controlled Docker lab environment.

Description

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlus_Remote_Communications_V2::wp_loaded function. This is due to insufficient validation of the remote communications message format, where signature verification can be bypassed and unchecked decryption return values collapse to a predictable all-zero encryption key. This makes it possible for unauthenticated attackers to forge arbitrary RPC commands and run them as the connected administrator, such as uploading and activating a malicious plugin, which ultimately leads to remote code execution.

Exploits (3)

github WORKING POC

by rootdirective-sec · pythonremote

https://github.com/rootdirective-sec/CVE-2026-10795-Lab

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2026-10795, targeting a vulnerability in UpdraftPlus. The exploit demonstrates a forged RPC message attack using a null key and IV, allowing arbitrary plugin uploads in a controlled Docker lab environment.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: UpdraftPlus 1.26.4

No auth needed

Prerequisites: Docker environment · WordPress with UpdraftPlus 1.26.4

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Jun 15, 2026 Full analysis →

github WORKING POC

by webshellseo8 · pythonpoc

https://github.com/webshellseo8/CVE-2026-10795-POC

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2026-10795, targeting UpdraftPlus WordPress plugin versions <= 1.26.4. The exploit automates authentication bypass, admin account creation, and plugin upload/activation to achieve remote code execution (RCE).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: UpdraftPlus WordPress plugin <= 1.26.4

No auth needed

Prerequisites: List of target URLs · Python 3 environment · Required Python libraries (requests, Crypto, etc.)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Jun 11, 2026 Full analysis →

github WORKING POC

by izxci · pythonremote

https://github.com/izxci/CVE-2026-10795

View Code ZIP pw:eip

This repository contains a functional exploit PoC for CVE-2026-10795, an authentication bypass vulnerability in UpdraftPlus. The exploit leverages a flaw where RSA decryption failure results in a zero AES key, allowing unauthenticated RPC command execution.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: UpdraftPlus: WP Backup & Migration ≤ 1.26.4

No auth needed

Prerequisites: WordPress with UpdraftPlus ≤ 1.26.4 · Site connected to UpdraftCentral

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Jun 11, 2026 Full analysis →

Nuclei Templates (1)

UpdraftPlus WP Backup & Migration Plugin - Authentication Bypass

HIGHVERIFIEDby theamanrawat

Shodan: http.html:"updraftplus"

FOFA: body="/wp-content/plugins/updraftplus"

References (4)

Core 4

Core References

https://www.wordfence.com/threat-intel/vulnerabilities/id/e901c2a0-2477-4b9a-8483-6002419e0a2f?source=cve

https://plugins.svn.wordpress.org/updraftplus/tags/1.26.4/vendor/team-updraft/common-libs/src/updraft-rpc/class-udrpc2.php

https://plugins.svn.wordpress.org/updraftplus/tags/1.26.4/vendor/team-updraft/common-libs/src/updraft-rpc/class-udrpc.php

https://plugins.trac.wordpress.org/changeset/3561938/updraftplus/trunk/vendor/team-updraft/common-libs/src/updraft-rpc/class-udrpc2.php

Scores

CVSS v3 8.1

EPSS 0.0125

EPSS Percentile 65.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Lab Environment

COMMUNITY

Community Lab

docker pull wordpress:cli-php8.2

docker pull wordpress:6.8.1-php8.2-apache

https://github.com/izxci/CVE-2026-10795

https://github.com/webshellseo8/CVE-2026-10795-POC

https://github.com/rootdirective-sec/CVE-2026-10795-Lab

View in Library

Details

VulnCheck KEV 2026-06-11

CWE

CWE-347

Status published

Products (1)

davidanderson/UpdraftPlus: WP Backup & Migration Plugin < 1.26.4

Published Jun 11, 2026

Tracked Since Jun 11, 2026