Critical vulnerability identified in WordPress plugin “BackupBuddy”: (CVE-2022-31474)
We would like to bring to your attention a newly discovered vulnerability within the WordPress plugin “BackupBuddy".
This vulnerability is currently being actively exploited with over five million attempts to exploit having been recorded so far.
The flaw exists within the WordPress plugin BackupBuddy (https://ithemes.com/backupbuddy/) and any WordPress instances with the plugin installed may be affected. This vulnerability allow an unauthenticated attacker to view the contents of any file on the affected server that can could be read by your WordPress installation. This may include the WordPress wp-config.php file and, depending on your server setup, sensitive files like /etc/passwd.”
Affected Versions
- 8.5.8.0 to 8.7.4.1
Remediation
This issue has been remediated in version 8.7.5, all users of the BackupBuddy plugin are advised to upgrade to the latest version available.
References
- https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy/
- https://www.wordfence.com/blog/2022/09/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin/
Why I founded CovertSwarm after annual pen tests failed me
Almost every business I worked for got breached. Our teams did the same thing each time: an occasional pen test, a thick report full of findings,…
When a former UK Government cyber operations chief says AI is “limitless” in Offensive Security, we should pay attention
Jim Clover says AI has made offensive cyber “limitless.” Attackers are using it now. The horse has already bolted. And if your red team isn’t keeping…
What Is Constant Cyber Attack?
CovertSwarm COO Luke Potter explains why traditional testing no longer reflects how real attackers operate. In this piece, he defines constant cyber attack, a discipline built…