Critical vulnerability identified in WordPress plugin “BackupBuddy”: (CVE-2022-31474)
We would like to bring to your attention a newly discovered vulnerability within the WordPress plugin “BackupBuddy".
This vulnerability is currently being actively exploited with over five million attempts to exploit having been recorded so far.
The flaw exists within the WordPress plugin BackupBuddy (https://ithemes.com/backupbuddy/) and any WordPress instances with the plugin installed may be affected. This vulnerability allow an unauthenticated attacker to view the contents of any file on the affected server that can could be read by your WordPress installation. This may include the WordPress wp-config.php file and, depending on your server setup, sensitive files like /etc/passwd.”
Affected Versions
- 8.5.8.0 to 8.7.4.1
Remediation
This issue has been remediated in version 8.7.5, all users of the BackupBuddy plugin are advised to upgrade to the latest version available.
References
- https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy/
- https://www.wordfence.com/blog/2022/09/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin/
The Evolution of EDR Bypasses: A Historical Timeline
The relationship between Endpoint Detection and Response (EDR) solutions and bypass techniques represents one of cybersecurity’s most dynamic battlegrounds. They are a representation of Cybersecurity as…
Billy Giles joins CovertSwarm as Head of Adversary Simulation for North America
CovertSwarm proudly welcomes Billy Giles as Head of Adversary Simulation for the North America region, strengthening our offensive cybersecurity capabilities and constant cyber attack subscription services.…
ANATOMY OF A BREACH: INSIDE THE MODERN RETAIL ATTACK
Retail breaches don’t start with ransomware. They start with people. From social engineering to persistent access, attackers exploit the unseen gaps in your defenses. Learn how…