Threat Advisory

New zero-day vulnerability in WordPress Plugin

September 16, 2022 | By Accorian

Earlier this week WordPress alerted its users about a new zero-day vulnerability that was identified in the BackupBuddy extension. The vulnerability allows the plugin users susceptible to unauthorized access by an attacker hence providing the potential to steal sensitive files and information. According to the iThemes researchers, the issue is being actively exploited for users using some specific versions of the BackupBuddy plugin.

The vulnerability that has been assigned, CVE-2022-31474 allows attackers to view sensitive information including /etc/passwd, /wp-config.php, .my.cnf, and .accesshash. These files contain information related to WP Database configuration, user details and even authentication permissions. The flaw affects any website running BackupBuddy 8.5.8.0 through 8.7.4.1.

WordPress Administrators are requested to upgrade to the latest version to mitigate the issue, version 8.7.5. Users are also advised to determine if they may have been compromised. Authorized users can review an affected server’s logs containing local-destination-id and /etc/passed or wp-config.php that returns an HTTP 2xx response code. WordPress also recommended resetting database passwords, updating WordPress Salts and rotating API keys that are stored in wp-config.php.

Accorian can help identify this vulnerability in your environment. 

Source: https://www.wordfence.com/blog/2022/09/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin/

Threat Advisory Team 

Accorian

Recent Post

    Ready to Start?

    Shukla CPA, d.b.a Accorian Assurance is a licensed, certified public accounting firm registered with the American Institute of Pubic Accountants (AICPA) and the Public Company Accounting Oversight Board (PCAOB). Esha IT Corp d.b.a Accorian is a global leader in cybersecurity and compliance professional services.

    © 2023 Accorian. All Rights Reserved.

      Ready to Start?

      Download Case study

      Download SOC2 Guide

      Human Resources Director

      Posted On: 09 May, 2022

      Drop your CVs to joinourteam@accorian.com

        Interested Position
        First Name
        Last Name
        Email
        Total Experience
        Mobile Number
        Upload Resume