Critical vulnerability identified in WordPress plugin “BackupBuddy” (CVE-2022-31474)
We would like to bring to your attention a newly discovered vulnerability within the WordPress plugin “BackupBuddy”.
This vulnerability is being actively exploited, with over five million exploitation attempts recorded so far.
The flaw exists within the WordPress plugin BackupBuddy (https://ithemes.com/backupbuddy/), and any WordPress instance with the plugin installed may be affected. This vulnerability allows an unauthenticated attacker to view the contents of any file on the affected server that can be read by your WordPress installation. This may include the WordPress wp-config.php file and, depending on your server setup, sensitive files like /etc/passwd.
This issue has been remediated in version 8.7.5. All users of the BackupBuddy plugin are advised to upgrade to the latest version available.
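To find installs that still need the upgrade, the following added example (not code from the plugin vendor or from this advisory's author) scans a WordPress plugins directory and flags any BackupBuddy copy older than 8.7.5. It assumes the standard WordPress plugin header fields `Plugin Name` and `Version`, assumes the plugin's display name is "BackupBuddy", and takes the plugins directory path from the caller.

```python
import re
from pathlib import Path

FIXED = "8.7.5"  # remediated release named in the advisory


def parse_version(text):
    """Turn '8.7.4.1' into (8, 7, 4, 1); non-numeric parts are ignored."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def needs_upgrade(installed, fixed=FIXED):
    """True when installed < fixed, comparing numerically per component.

    Plain string comparison gets this wrong ('8.10.0' sorts before '8.7.5'),
    and versions may carry a fourth component, so pad both sides with zeros.
    """
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(a) < pad(b)


def header_field(text, field):
    """Read one 'Field: value' line from a WordPress plugin header comment."""
    pattern = rf"^[ \t/*#@]*{re.escape(field)}:[ \t]*(.+?)\s*$"
    match = re.search(pattern, text, re.MULTILINE | re.IGNORECASE)
    return match.group(1).strip() if match else None


def audit_plugins(plugins_dir, name="BackupBuddy"):
    """Return (file, version, needs_upgrade) for each matching plugin file.

    The display name is an assumption; a copy with no readable Version
    header is reported as needing attention rather than silently passed.
    """
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        head = php.read_text(errors="replace")[:8192]  # header sits at the top
        if (header_field(head, "Plugin Name") or "").lower() != name.lower():
            continue
        version = header_field(head, "Version")
        stale = version is None or needs_upgrade(version)
        findings.append((str(php), version, stale))
    return findings
```

Call `audit_plugins()` with the path to each site's `wp-content/plugins` directory and upgrade every entry whose third field is `True`.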