On September 6th, 2022, iThemes, the creator of the BackupBuddy WordPress plugin, announced a security vulnerability found to be exploited since August 27th, 2022. This vulnerability only impacts sites running BackupBuddy versions 220.127.116.11 through 18.104.22.168.
There are indications that this vulnerability is still being actively exploited. However, iThemes readily patched the vulnerability and has asked its users to make sure they are running version 8.7.5 or higher of the BackupBuddy plugin.
What Should I Do?
Update immediately to the latest 8.7.5 patched version.
The vulnerability allowed malicious users to view the contents of any file on the server that the WordPress installation can read.
Examples are the WordPress wp-config.php file and, depending on the server setup, other sensitive files like /etc/passwd. Therefore, it is imperative to upgrade immediately to the latest safe version.
How to Tell if I Am Affected
You can check whether your site has been compromised by searching your server logs for entries that contain both local-destination-id and wp-config.php and have an HTTP 2xx response.
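The log check described above can be scripted. The following is an added example, not code from iThemes or from the original article: it assumes Apache/nginx common or combined access-log format, percent-decodes each request so encoded file names still match, and goes slightly beyond the text by also flagging /etc/passwd, the other readable file the article names. The sample lines, the `/example` endpoint and the `file` parameter are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed format: Apache/nginx common or combined access log.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
PARAM = "local-destination-id"            # marker named in the article
FILES = ("wp-config.php", "/etc/passwd")  # files the article names as readable


def decode(target, rounds=3):
    """Percent-decode repeatedly so encoded or double-encoded paths still match."""
    for _ in range(rounds):
        nxt = unquote(target)
        if nxt == target:
            break
        target = nxt
    return target.lower()


def suspicious_hits(lines):
    """Return (ip, timestamp, status, decoded_target) for every 2xx request that
    carries the parameter together with one of the sensitive file names."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        target = decode(m["target"])
        if (m["status"].startswith("2") and PARAM in target
                and any(f in target for f in FILES)):
            hits.append((m["ip"], m["ts"], int(m["status"]), target))
    return hits


# Constructed sample lines: documentation IPs and a made-up endpoint and "file"
# parameter, not real traffic and not the plugin's actual URL.
SAMPLE = [
    '203.0.113.7 - - [06/Sep/2022:10:01:02 +0000] "GET /example?local-destination-id=x&file=..%2Fwp-config.php HTTP/1.1" 200 3512 "-" "-"',
    '203.0.113.7 - - [06/Sep/2022:10:01:05 +0000] "GET /example?local-destination-id=x&file=..%2Fwp-config.php HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.9 - - [06/Sep/2022:11:30:00 +0000] "GET /example?local-destination-id=%252Fetc%252Fpasswd HTTP/1.1" 206 120 "-" "-"',
    '192.0.2.44 - - [06/Sep/2022:12:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for ip, ts, status, target in suspicious_hits(SAMPLE):
        print(f"{ts}  {ip}  {status}  {target}")
```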
The security vulnerability was identified in BackupBuddy versions 22.214.171.124 to 126.96.36.199.
If you need additional information or help directly from iThemes, please open a ticket through the iThemes Help Desk.