PT-2022-20752 · Ithemes · Ithemes Backupbuddy

Lew Ayotte & Timothy Jacobs

Published: 2022-09-09 · Updated: 2024-05-07 · CVE-2022-31474

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: iThemes BackupBuddy versions 8.5.8.0 through 8.7.4.1

Description: The iThemes BackupBuddy plugin contains a Path Traversal vulnerability (also known as Improper Limitation of a Pathname to a Restricted Directory) that allows unauthorized users to download arbitrary files from a vulnerable site, potentially including files containing confidential information. Approximately 5 million attempts to exploit this vulnerability have been detected against the BackupBuddy plugin, which has around 140,000 active installations.

Recommendations: For iThemes BackupBuddy versions 8.5.8.0 through 8.7.4.1, update to version 8.7.5 or later to resolve the issue. As a temporary workaround, restrict access to sensitive files and directories on the server to reduce the risk of exploitation.
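The following PHP snippet is an added illustration of the vulnerability class named above, not BackupBuddy's code and not the plugin's fixed code: a hypothetical download handler that joins a caller-supplied file name to a backup directory without checks, placed beside a hardened version that canonicalises the path with realpath() and refuses anything outside the directory. Directory layout, function names and sample files are constructed for the example.

```php
<?php
// Added illustration of a path-traversal pattern and its fix. NOT BackupBuddy's
// code; the directory layout, function names and sample files are constructed.

declare(strict_types=1);

// Vulnerable pattern: the caller's file name is joined to the backup directory
// as-is, so a name such as "../secret.txt" resolves outside that directory.
function backup_path_unsafe(string $backup_dir, string $requested): string
{
    return $backup_dir . DIRECTORY_SEPARATOR . $requested;
}

// Hardened pattern: accept only a bare file name, canonicalise with realpath()
// so ".." segments and symlinks are resolved, then require the result to lie
// strictly inside the canonical backup directory. Returns null on any failure.
function backup_path_safe(string $backup_dir, string $requested): ?string
{
    $root = realpath($backup_dir);
    if ($root === false) {
        return null;
    }
    // Reject empty names, embedded NUL bytes and anything containing a path
    // separator (basename() strips directory components, so a mismatch means
    // the caller supplied one).
    if ($requested === '' || strpos($requested, "\0") !== false
        || basename($requested) !== $requested) {
        return null;
    }
    $candidate = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null; // missing, or a directory such as "." or ".."
    }
    // Compare against the root plus a trailing separator so that a sibling
    // directory such as "/srv/backups-old" cannot pass as "/srv/backups".
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Demo with constructed files in a temporary directory: one legitimate backup
// inside the restricted directory and one "secret" file one level above it.
$base    = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'traversal_demo_' . getmypid();
$backups = $base . DIRECTORY_SEPARATOR . 'backups';
mkdir($backups, 0700, true);
file_put_contents($backups . DIRECTORY_SEPARATOR . 'site.zip', 'constructed backup');
file_put_contents($base . DIRECTORY_SEPARATOR . 'secret.txt', 'constructed secret');

$checks = [
    'site.zip'      => true,   // legitimate backup inside the directory
    '../secret.txt' => false,  // traversal one level up
    '..'            => false,  // directory, not a file
];
foreach ($checks as $name => $expectAllowed) {
    $unsafe = backup_path_unsafe($backups, $name);
    $safe   = backup_path_safe($backups, $name);
    printf("%-16s unsafe join -> %s%s\n", json_encode($name), $unsafe,
        is_file($unsafe) ? '  (readable outside the directory!)' : '');
    printf("%-16s hardened    -> %s\n", '', $safe ?? 'rejected');
    if (($safe !== null) !== $expectAllowed) {
        fwrite(STDERR, "unexpected result for $name\n");
        exit(1);
    }
}

// Clean up the constructed files.
unlink($backups . DIRECTORY_SEPARATOR . 'site.zip');
unlink($base . DIRECTORY_SEPARATOR . 'secret.txt');
rmdir($backups);
rmdir($base);
```

Run it with `php traversal_demo.php`: the unsafe join resolves "../secret.txt" to a readable file outside the backup directory, while the hardened function rejects it and also rejects "..". Because the advisory states the flaw is reachable by unauthorized users, in a WordPress handler this path check belongs behind an authorization check (for example current_user_can() and nonce verification) rather than replacing one; the prefix comparison only limits which files an already-authorized caller can reach.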

Fix

Weakness Enumeration: Path traversal
Related Identifiers: CVE-2022-31474
Affected Products: Ithemes Backupbuddy