Critical vulnerability identified in WordPress plugin “BackupBuddy”: (CVE-2022-31474)
We would like to bring to your attention a newly discovered vulnerability within the WordPress plugin “BackupBuddy".
We would like to bring to your attention a newly discovered vulnerability within the WordPress plugin “BackupBuddy".
This vulnerability is currently being actively exploited with over five million attempts to exploit having been recorded so far.
The flaw exists within the WordPress plugin BackupBuddy (https://ithemes.com/backupbuddy/) and any WordPress instances with the plugin installed may be affected. This vulnerability allow an unauthenticated attacker to view the contents of any file on the affected server that can could be read by your WordPress installation. This may include the WordPress wp-config.php file and, depending on your server setup, sensitive files like /etc/passwd.”
This issue has been remediated in version 8.7.5, all users of the BackupBuddy plugin are advised to upgrade to the latest version available.
The call nobody talks about
The attack call is the one that gets written up in the report. But in James Sheppard’s experience, it’s rarely the most important call he makes.
DORA Threat-Led Penetration Testing: What article 26 actually requires
Annual penetration testing does not satisfy DORA’s testing mandate. Here’s what Article 26 actually requires, who it applies to, and what a real TLPT exercise looks…
Deloitte ranks CovertSwarm among EMEA’s 500 fastest-growing tech companies.
Based on verified revenue growth of 595.89% over three years. Here’s what the number means and why the model behind it was built this way from…