Skip to content

Critical vulnerability identified in WordPress plugin “BackupBuddy”: (CVE-2022-31474)

We would like to bring to your attention a newly discovered vulnerability within the WordPress plugin “BackupBuddy".

  • Resources
  • Glossary
  • Critical vulnerability identified in WordPress plugin “BackupBuddy”: (CVE-2022-31474)

This vulnerability is currently being actively exploited with over five million attempts to exploit having been recorded so far.

The flaw exists within the WordPress plugin BackupBuddy (https://ithemes.com/backupbuddy/) and any WordPress instances with the plugin installed may be affected. This vulnerability allow an unauthenticated attacker to view the contents of any file on the affected server that can could be read by your WordPress installation. This may include the WordPress wp-config.php file and, depending on your server setup, sensitive files like /etc/passwd.”

Affected Versions

  • 8.5.8.0 to 8.7.4.1

Remediation

This issue has been remediated in version 8.7.5, all users of the BackupBuddy plugin are advised to upgrade to the latest version available.

References

Threat-Led Red Teaming in Regulated Financial Systems

Proving Resilience: The Role of Regulator-Led Testing in Strengthening Market Stability.

How regulator-led testing fortifies market stability and sets a national standard Cyber threats are constantly evolving, with organizations facing sophisticated and persistent campaigns orchestrated by well-resourced…
Close-up of a mechanical keyboard with red-lit keys, symbolizing offensive cybersecurity activity.

The Evolution of EDR Bypasses: A Historical Timeline

The relationship between Endpoint Detection and Response (EDR) solutions and bypass techniques represents one of cybersecurity’s most dynamic battlegrounds. They are a representation of Cybersecurity as…
Billy Giles, Head of Adversary Simulation at CovertSwarm North America, bringing over two decades of offensive cyber operations experience to strengthen constant cyber attack capabilities.

Billy Giles joins CovertSwarm as Head of Adversary Simulation for North America

CovertSwarm proudly welcomes Billy Giles as Head of Adversary Simulation for the North America region, strengthening our offensive cybersecurity capabilities and constant cyber attack subscription services.…