• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

virusword.com

Learn Wordpress

  • Home
  • WordPress Shop
    • Fotopress
    • SEO Tool Kit
    • Social Contact
    • Tag Machine 2
    • Video Profits
  • Latest News
  • WordPress
    • Plugins
    • Themes
    • Tutorials
    • Videos
    • Woocommerce
  • About Us
  • Contact Us
    • Terms of Service
    • Privacy Policy
  • Show Search
Hide Search
Home/Plugins/Zero-Day Vulnerability Found In WordPress Plugin Backup Buddy

Zero-Day Vulnerability Found In WordPress Plugin Backup Buddy

A severe zero-day vulnerability in the Backup Buddy plugin has been revealed. The researchers detected millions of exploitation attempts for the flaw before it received a patch. Since the vulnerability has already caught the attention of criminal hackers, WordPress users must ensure to update their websites with the latest plugin version to receive the patch.

Backup Buddy Zero-Day Vulnerability

According to a recent post from Wordfence, they noticed active exploitation of a zero-day vulnerability in the Backup Buddy WordPress plugin.

Backup Buddy is a dedicated plugin for WordPress sites enabling users to manage site backups. The plugin also allows users to manage the backups in multiple cloud locations, such as AWS, Google Drive, etc., alongside supporting local backup storage. That’s where the vulnerability existed.

The researchers noticed that this local download feature for backup files had insecure implementation. Thus, an adversary could easily download any arbitrary file from the server. Describing the exact cause triggering the glitch, the researchers stated in their post,

More specifically the plugin registers an admin_init hook for the function intended to download local backup files and the function itself did not have any capability checks nor any nonce validation.

Hence, an adversary could download any file from the backup by calling the function from any administrative page, even without authentication.

According to Wordfence, they could detect (and block) at least 49 million exploitation attempts on this vulnerability since August 2022. The attackers originated from multiple IP addresses, each waging several thousand attack attempts. Most of these attacks intended to obtain sensitive information by accessing the files /etc/passwd, /wp-config.php, .my.cnf, and .accesshash.

Patch Deployed

The researchers found the vulnerability affecting the plugin versions 8.5.8.0 to 8.7.4.1. Following the researchers’ report, the vendors fixed the flaw with the release of the Backup Buddy plugin version 8.7.5.

Given the flaw’s active exploitation and the subsequent patch release, Wordfence urges users to update their sites with the latest plugin version.

Moreover, users should also check their websites for a possible compromise by looking for the local-download and local-destination-id parameter value in the requests in the access log. According to Wordfence,

Presence of these parameters along with a full path to a file or the presence of ../../ to a file indicates the site may have been targeted for exploitation by this vulnerability.

Let us know your thoughts in the comments.

Source link

Written by:
Abdul Wahid
Published on:
September 13, 2022

Categories: Plugins

Primary Sidebar

Wordpress

  • Content Management Systems (2)
  • Digital Marketing (4)
  • Internet Marketing (6)
  • Latest News (458)
  • Online Business (2)
  • Plugins (519)
  • Themes (521)
  • Videos (1,350)
  • Website Development (1)
  • Woocommerce (589)
  • WordPress (6)

Recent Articles

Unlock Your Internet Marketing Success with WordPress: The Ultimate CMS for Achieving Online Goals

WordPress: A Powerhouse for Achieving Internet …

Continue Reading about Unlock Your Internet Marketing Success with WordPress: The Ultimate CMS for Achieving Online Goals

Unlock Your Internet Marketing Potential with WordPress: A Comprehensive Guide

How to Use WordPress to Achieve Your Internet …

Continue Reading about Unlock Your Internet Marketing Potential with WordPress: A Comprehensive Guide

Search our site

Explore more

Get our Wordpress Guide Get Plugins Get Connected

Footer

VirusWord by Promaps, Inc.

Barnes Place
Colombo 7, Western 00700

Copyright © 2025 · Promaps, Inc.

Keep In Touch

  • Email
  • Facebook
  • Instagram
  • Pinterest
  • Twitter