Critical vulnerability identified in WordPress plugin “BackupBuddy”: (CVE-2022-31474)
We would like to bring to your attention a newly discovered vulnerability within the WordPress plugin “BackupBuddy".
This vulnerability is currently being actively exploited with over five million attempts to exploit having been recorded so far.
The flaw exists within the WordPress plugin BackupBuddy (https://ithemes.com/backupbuddy/) and any WordPress instances with the plugin installed may be affected. This vulnerability allow an unauthenticated attacker to view the contents of any file on the affected server that can could be read by your WordPress installation. This may include the WordPress wp-config.php file and, depending on your server setup, sensitive files like /etc/passwd.”
Affected Versions
- 8.5.8.0 to 8.7.4.1
Remediation
This issue has been remediated in version 8.7.5, all users of the BackupBuddy plugin are advised to upgrade to the latest version available.
References
- https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy/
- https://www.wordfence.com/blog/2022/09/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin/
Frontier AI models are exciting.
CovertSwarm COO Luke Potter on why frontier AI is genuinely exciting, why most of the conversation is asking the wrong questions, and what it means for…
AI Sharpens the Question. It Doesn’t Change the Answer.
The cyber security industry has spent decades selling findings instead of answers. AI tools like Mythos make the problem faster and louder. Here’s why the only…
Constant Cyber Attack: What People Keep Getting Wrong
There are a lot of terms floating around offensive security right now. COST. CTEM. Exposure validation. Some of it is useful. Most of it is new…