Critical vulnerability identified in WordPress plugin “BackupBuddy”: (CVE-2022-31474)
We would like to bring to your attention a newly discovered vulnerability within the WordPress plugin “BackupBuddy".
This vulnerability is currently being actively exploited with over five million attempts to exploit having been recorded so far.
The flaw exists within the WordPress plugin BackupBuddy (https://ithemes.com/backupbuddy/) and any WordPress instances with the plugin installed may be affected. This vulnerability allow an unauthenticated attacker to view the contents of any file on the affected server that can could be read by your WordPress installation. This may include the WordPress wp-config.php file and, depending on your server setup, sensitive files like /etc/passwd.”
Affected Versions
- 8.5.8.0 to 8.7.4.1
Remediation
This issue has been remediated in version 8.7.5, all users of the BackupBuddy plugin are advised to upgrade to the latest version available.
References
- https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy/
- https://www.wordfence.com/blog/2022/09/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin/
CovertSwarm Secures Spot in TechRound’s Top 100 for 2024
We’re buzzing with excitement to share some incredible news—CovertSwarm has been ranked #31 in TechRound’s prestigious Top 100 list for 2024! This recognition underscores the relentless…
Is Your Business Secured Like an Egg or an Onion?
Cybersecurity isn’t about building an impenetrable shell; it’s about creating a resilient system that keeps attackers out—or contains them if they get in.
An In-Depth Guide to Remote Desktop Protocol (RDP)
The continually changing nature of today’s workplace has made remote access technology essential.