Security

Vulnerability in UpdraftPlus

‼️

Impact: WordPress sites with the UpdraftPlus plugin installed

We are writing to inform you of a vulnerability in the WordPress plugin UpdraftPlus. As of June 10th at 3pm ET, we have started an automated update procedure for this plugin on WordPress sites hosted across our infrastructure.

What happened?

A vulnerability disclosure for UpdraftPlus was published on June 10th in Wordfence's Vulnerability Database: Critical Unauthenticated Authentication Bypass Vulnerability Patched in UpdraftPlus WordPress Plugin
This vulnerability makes it possible for attackers to forge and run commands as an administrator on sites with UpdraftPlus installed that have been connected to UpdraftCentral, the plugin’s remote site management dashboard.
This vulnerability impacts UpdraftPlus versions 1.26.4 and earlier. It was patched in version 1.26.5. Some older versions of UpdraftPlus appear to use an older versioning scheme and report themselves as version 2x, which is likely impacted as well.
UpdraftPlus is not installed by default by Reclaim Hosting, but has been recommended as a backup solution for WordPress sites.

Current Status

As of June 10th at 3pm ET, we have started an automated update procedure for this plugin on WordPress sites hosted across our infrastructure.
This procedure triggers WordPress's built-in update functionality to upgrade the plugin to/replace the plugin with the latest version available.
- This update procedure covers all WordPress sites with UpdraftPlus installed on Domain of One's Own, Managed Hosting, Reclaim EDU, and Shared Hosting.

Next Steps

We recommend all users of UpdraftPlus check for and install any available updates to the plugin, particularly if you are using version 1.26.4 and earlier or a version reporting as 2x.

Contact our Support Team

If you have any further questions or need assistance, please contact our support team.

Image showing a TV on the horizon of a grid-style foreground displaying the words Reclaim Edtech.ch.

Built To Last: Archiving and Preserving Your Website

One great thing about the web is that publishing is easy. Preservation, on the other hand, can be a bit more complicated. Platforms can change and projects lose funding; faculty retire and students graduate. Digital scholarship projects that once felt permanent can quietly fade away if nobody plans for what

Visual by Visual Thinkery with the words "Open... Source, Education, Web".

Reclaim @ OER26

This year we are excited to take part in the OER26 Conference, Openness Reimagined: Continuity, Change and Shared Vision – happening on 22-23 June 2026, in Milton Keynes, UK. Learn more about OER26 Reclaim has long been a supporter of this wonderful conference and in 2021 we even joined forces for

Vulnerability in Gravity Forms plugin for WordPress

‼️Impacted Services: WordPress sites using Gravity Forms on Domain of One's Own, Managed Hosting, Reclaim EDU, Shared Hosting, and Reclaim Cloud We are writing to inform you of a vulnerability in the WordPress plugin Gravity Forms. As of June 3rd at 1pm ET, we have started an automated

June Newsletter 2026

Hello and welcome to this month's round up of everything that's happening across our community! This Month Open for Entries: Reclaim's Student Showcase 2026 If you are working with students in a Domain of One’s Own, Shared Hosting or a WordPress Multisite, we