9 matches found
CVE-2022-31474
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1...
CVE-2022-31474 WordPress BackupBuddy Plugin 8.5.8.0-8.7.4.1 is vulnerable to Directory Traversal
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1...
CVE-2022-31474 WordPress BackupBuddy Plugin 8.5.8.0-8.7.4.1 is vulnerable to Directory Traversal
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1...
Zero-day Vulnerability in the WordPress BackupBuddy Plugin
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability in the BackupBuddy WordPress plugin is being actively exploited. There are an estimated 140,000 active installations of the plugin, and the arbitrary file download/read...
BackupBuddy WordPress plugin vulnerable to exploitation, update now!
Users of WordPress may need to perform an urgent update related to the popular BackupBuddy plugin. BackupBuddy is a plugin which offers backup solutions designed to combat "hacks, malware, user error, deleted files, and running bad commands". Unfortunately, running an older version of BackupBuddy...
CVE-2022-31474
creationtimestamp| type| source ---|---|--- 2022-09-09 11:10:06+00:00| exploited| https://t.me/truesecator/3395 2022-09-12 08:45:23+00:00| exploited| https://t.me/itsecnews/1404 2022-09-30 11:13:08+00:00| seen| MISP/305612d3-f4b3-4091-821e-154c12380646 2022-10-01 06:30:54+00:00| exploited|...
Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts
A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it...
WordPress BackupBuddy 8.7.4.1 Arbitrary File Read Vulnerability
WordPress BackupBuddy plugin versions 8.5.8.0 through 8.7.4.1 suffer from an arbitrary file read and download vulnerability. Description: Arbitrary File Download/Read Affected Plugin: BackupBuddy Plugin Slug: backupbuddy Plugin Developer: iThemes Affected Versions: 8.5.8.0 – 8.7.4.1 CVE ID:...
PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin
Late evening, on September 6, 2022, the Wordfence Threat Intelligence team was alerted to the presence of a vulnerability being actively exploited in BackupBuddy, a WordPress plugin we estimate has around 140,000 active installations. This vulnerability makes it possible for unauthenticated users...