
Vulnerability in WordPress BackupBuddy Plugin Exploited By Hackers

September 12, 2022

Hackers have attempted to exploit a zero-day flaw in a WordPress plugin known as BackupBuddy five million times, in some cases successfully.

The news comes from WordPress security-focused company Wordfence, which published an advisory about the flaw earlier this week.

“This vulnerability could enable an attacker to look at the contents of any file on your server that can be read by your WordPress installation,” reads the blog post.


According to the security experts, this could include the WordPress wp-config.php file, which contains information about the website’s database, name, host, username and password, and depending on server setup, sensitive files like /etc/passwd.

For context, the BackupBuddy plugin, currently estimated to have 140,000 active installations, lets users back up their WordPress installation, including theme files, pages, posts, widgets, users and media files.

“Unfortunately, the method to download these locally stored files was insecurely implemented, making it possible for unauthenticated users to download any file stored on the server,” Wordfence wrote.

After reviewing historical data, the team determined that attackers started targeting this vulnerability on August 26, 2022. Wordfence said it has blocked 4,948,926 attacks targeting this vulnerability since that time.

The vulnerability affected versions 8.5.8 to 8.7.4.1 of the WordPress plugin and was fully patched on September 02, 2022, in version 8.7.5.

“Due to the fact that this is an actively exploited vulnerability, we strongly encourage you to ensure your site has been updated to the latest patched version 8.7.5, which iThemes has made available to all site owners running a vulnerable version regardless of licensing status,” the advisory stated.

“Due to this vulnerability being actively exploited, and its ease of exploitation, we are sharing minimal details about this vulnerability,” Wordfence concluded.

The vulnerability comes months after WordPress forcibly updated more than a million sites to patch a critical vulnerability affecting the Ninja Forms plugin.


Some components of this post are sourced from:
www.infosecurity-magazine.com
