
The exploit allows attackers to view the contents of any WordPress-accessible file on the affected server. This includes files containing sensitive information, such as /etc/passwd and /wp-config.php. These files can provide unauthorized access to system user details, WordPress database settings, and even authentication permissions to the affected server as the root user.

Administrators and other users can take steps to determine if their site was compromised. Authorized users can review an impacted server's logs for requests containing local-destination-id and /etc/passwd or wp-config.php that return an HTTP 2xx response code, indicating a successful response was received. WordPress security solution developer Wordfence identified millions of attempts to exploit the vulnerability dating back to August 26th. According to Wordfence security researchers, users and administrators should check server logs for references to the aforementioned local-destination-id folder and the local-download folder.

The PSA went on to list the top IPs associated with the attempted attacks. Researchers at iThemes provide compromised BackupBuddy users with several steps designed to mitigate and prevent further unauthorized access.
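The log review described above can be scripted. The following is an added example, not code from iThemes or Wordfence: it assumes an Apache/nginx combined-format access log, and the sample lines, the `EXAMPLE.php` request path and the IP addresses are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" format: ip - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
MARKERS = ("local-destination-id", "local-download")  # strings named on this page
SENSITIVE = ("/etc/passwd", "wp-config.php")          # files named on this page

# Constructed sample lines: placeholder path, documentation-range IPs.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Sep/2022:10:01:12 +0000] "GET /wp-admin/EXAMPLE.php?local-destination-id=/etc/passwd&local-download=/etc/passwd HTTP/1.1" 200 1843 "-" "curl/7.81.0"
203.0.113.7 - - [06/Sep/2022:10:01:15 +0000] "GET /wp-admin/EXAMPLE.php?local-destination-id=x&local-download=%2Fvar%2Fwww%2Fwp-config.php HTTP/1.1" 200 3120 "-" "curl/7.81.0"
198.51.100.23 - - [06/Sep/2022:11:40:02 +0000] "GET /wp-admin/EXAMPLE.php?local-destination-id=/etc/passwd HTTP/1.1" 403 199 "-" "-"
192.0.2.10 - - [06/Sep/2022:12:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

def classify(line):
    """Return a finding dict for a matching access-log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode twice so %2F and double-encoded %252F are both normalised.
    target = unquote(unquote(m["target"])).lower()
    if not any(k in target for k in MARKERS):
        return None
    sensitive = any(s in target for s in SENSITIVE)
    # A 2xx status plus a sensitive file name is the combination to escalate.
    hit = sensitive and m["status"].startswith("2")
    return {"ip": m["ip"], "time": m["time"], "status": m["status"],
            "target": target, "verdict": "successful" if hit else "attempt"}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f'{f["verdict"]:10} {f["status"]} {f["ip"]:15} {f["time"]} {f["target"]}')
```

Lines marked `successful` are the ones to treat as possible file disclosure; `attempt` lines show probing that did not return a 2xx response or did not name one of the two files.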
Users should update to version 8.7.5 to patch the hole.

According to iThemes researchers, hackers are actively exploiting the vulnerability (CVE-2022-31474) across impacted systems using specific versions of the BackupBuddy plugin.

The flaw affects any sites running BackupBuddy 8.5.8.0 through 8.7.4.1.

Why it matters: WordPress plugin developer iThemes alerted users to a vulnerability related to their BackupBuddy extension earlier this week. The security hole leaves plugin users susceptible to unauthorized access by malicious actors, providing them with the opportunity to steal sensitive files and information.
