BackupBuddy WordPress plugin vulnerable to exploitation, update now!

Categories: News

Tags: BackupBuddy, WordPress, vulnerability, exploit, hack, compromise, update

We take a look at a vulnerability in popular WordPress plugin BackupBuddy, and the steps you need to take to fix it.


The post BackupBuddy WordPress plugin vulnerable to exploitation, update now! appeared first on Malwarebytes Labs.


Users of WordPress may need to perform an urgent update related to the popular BackupBuddy plugin. BackupBuddy is a plugin which offers backup solutions designed to combat “hacks, malware, user error, deleted files, and running bad commands”. Unfortunately, running an older version of BackupBuddy could leave your site open to potential breaches. According to Security Week, the issue tagged as CVE-2022-31474 is down to an “insecure method of downloading the backups for local storing”. The result is that people can download files from the server without being properly authenticated first.

Traversing a WordPress installation

The vulnerability is listed as a “Directory Traversal Vulnerability”, and affects users running BackupBuddy from version 8.5.8.0 up to 8.7.4.1. The developers make the following observations:

  • Using this vulnerability, attackers can view the contents of any file on your server which is readable by the WordPress installation. Sensitive files could be made available to the attackers, which is not something you’d want to happen.
  • The vulnerability is being actively exploited in the wild. Sometimes you get lucky and find that something has been patched before anyone can make use of it. This isn’t the case here, sadly.
  • The developers have made the security update available to anybody running BackupBuddy, regardless of version. No matter which licence you’re using, you can apply the fix. In theory, there is no need for anyone, anywhere to be running a vulnerable installation with the fix available to install.

Next steps to take for BackupBuddy users

  • Update to version 8.7.5 right away. You should be doing this whether or not you’re concerned by the above security issue. Old versions of products frequently fall victim to additional security issues over time, especially if they’re no longer maintained.
  • Reset your database password if you suspect there’s been a compromise of your WordPress installation.
  • Change your WordPress salts. These are secret values in your site’s configuration that WordPress uses to help keep passwords and login cookies for your site secure.
  • Reset and update anything else not for public consumption in your wp-config.php, for example stored API keys for other services.
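The following shell script is an added triage example for the two practical parts of this post: deciding whether an installed BackupBuddy copy sits inside the affected 8.5.8.0 to 8.7.4.1 range, and checking web-server access logs for the directory-traversal request patterns the vulnerability is exploited with. It is not code from Malwarebytes, iThemes or the plugin. It assumes a POSIX shell with `sort -V` (GNU coreutils or BSD sort), that the plugin’s main file lives at the usual `wp-content/plugins/backupbuddy/backupbuddy.php` path, and that logs are in the common combined format; the sample log lines are constructed, not real traffic.

```shell
#!/bin/sh
# Added example (not the plugin's or Malwarebytes' code): triage helpers for
# the BackupBuddy directory traversal (CVE-2022-31474).

# Affected range and fixed release as stated in the advisory.
VULN_MIN="8.5.8.0"
VULN_MAX="8.7.4.1"
FIXED="8.7.5"

# ver_le A B: succeed if version A <= version B (version-aware sort).
ver_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# is_vulnerable VERSION: succeed if VERSION is inside VULN_MIN..VULN_MAX.
is_vulnerable() {
    ver_le "$VULN_MIN" "$1" && ver_le "$1" "$VULN_MAX"
}

# installed_version FILE: read the "Version:" header that every WordPress
# plugin main file carries. The default path below is an assumption.
installed_version() {
    sed -n 's/^[[:space:]]*\**[[:space:]]*Version:[[:space:]]*//p' "$1" \
        | head -n1 | tr -d '\r' | sed 's/[[:space:]]*$//'
}

# Constructed combined-format access log lines (not real traffic). Two of
# them carry traversal sequences, one plain and one URL-encoded.
SAMPLE_LOG='203.0.113.10 - - [06/Sep/2022:10:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 512
203.0.113.11 - - [06/Sep/2022:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=example&backup=../../../../wp-config.php HTTP/1.1" 200 3021
203.0.113.12 - - [06/Sep/2022:10:00:02 +0000] "GET /?p=1 HTTP/1.1" 200 9000
203.0.113.13 - - [06/Sep/2022:10:00:03 +0000] "GET /index.php?backup=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 200'

# find_traversal: pass through log lines (stdin) whose request contains a
# plain or URL-encoded "../" or "..\" sequence, case-insensitively.
find_traversal() {
    grep -iE '(\.\./|\.\.%2f|%2e%2e/|%2e%2e%2f|\.\.\\|%2e%2e%5c)'
}

# count_traversal: number of matching lines from stdin.
count_traversal() {
    find_traversal | wc -l | tr -d ' '
}

# Stand-alone usage: check the local install, then scan the sample log.
PLUGIN_FILE="${1:-wp-content/plugins/backupbuddy/backupbuddy.php}"  # assumed path
if [ -f "$PLUGIN_FILE" ]; then
    v="$(installed_version "$PLUGIN_FILE")"
    if is_vulnerable "$v"; then
        echo "BackupBuddy $v is in the affected range; update to $FIXED"
    else
        echo "BackupBuddy $v is outside the affected range"
    fi
else
    echo "plugin file $PLUGIN_FILE not found; skipping version check"
fi
echo "traversal-pattern requests in sample log: $(printf '%s\n' "$SAMPLE_LOG" | count_traversal)"
printf '%s\n' "$SAMPLE_LOG" | find_traversal
```

To run the log check against a real file, pipe it in (`find_traversal < /var/log/apache2/access.log`); a non-zero count is a reason to treat the site as possibly compromised and work through the reset steps above. With WP-CLI installed, `wp plugin get backupbuddy --field=version` reads the version the same way (the slug `backupbuddy` is an assumption), and `wp config shuffle-salts` regenerates the salts in wp-config.php in one step.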

The risks of not updating your site and plugins

WordPress is an immensely popular target for people fully invested in site compromise. Hijacked sites can be used for SEO poisoning, redirecting to malicious sites, spam, malware installation, phishing, and more.

If you’re running BackupBuddy, go and check your current version and update right away. Once that’s done, it would be wise to ensure everything else on your WordPress installation is fully up to date too. Let’s not make it easy for those up to no good: It won’t help your business, or the people who make use of your site.

Related news

CVE-2022-31474: WordPress Vulnerability Report, Special Edition – September 6, 2022: BackupBuddy

Directory Traversal vulnerability in iThemes BackupBuddy plugin 8.5.8.0 - 8.7.4.1 versions.

Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts

A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed. "This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said. BackupBuddy allows users to back up their entire WordPress installation from within the

WordPress warning: 140k BackupBuddy installations on alert over file-read exploitation

Site backup plugin developer issues patch following reports of millions of exploit attempts

WordPress BackupBuddy 8.7.4.1 Arbitrary File Read

WordPress BackupBuddy plugin versions 8.5.8.0 through 8.7.4.1 suffer from an arbitrary file read and download vulnerability.