Hackers Exploit Zero-Day in BackupBuddy WordPress Backup Plugin: 5 Million Attempts

WordPress security company Wordfence has disclosed that a zero-day vulnerability in the BackupBuddy WordPress plugin is currently being actively exploited.

“This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information,” Wordfence said in a statement.

What is BackupBuddy WordPress Plugin?

BackupBuddy lets users back up their entire WordPress installation, including theme files, posts, pages, users, widgets, and media files, so that they have a copy of all their WordPress website files. It also provides scheduled backups and lets users send and store backups remotely off-site from within the dashboard.

This paid WordPress plugin is estimated to have around 140,000 active installations.

This zero-day flaw (CVE-2022-31474, CVSS score: 7.5) affects versions 8.5.8.0 to 8.7.4.1. It was addressed in version 8.7.5, released last week on September 2, 2022.

Wordfence reported that the targeting of CVE-2022-31474 began on August 26, 2022, and that it has blocked nearly five million attacks since then. The majority of the intrusions attempted to read the files listed below:

  • /wp-config.php
  • /etc/passwd
  • .accesshash
  • .my.cnf


The flaw is rooted in the “Local Directory Copy” function, which is intended to store a local copy of the backups. Wordfence claims that the flaw results from an insecure implementation, which allows an unauthorized threat actor to download any file from the server.

“This vulnerability could allow an attacker to view the contents of any file on your server that can be read by your WordPress installation,” the plugin’s developer, iThemes, said. “This could include the WordPress wp-config.php file and, depending on your server setup, sensitive files like /etc/passwd.”

In light of active in-the-wild abuse and its ease of exploitation, additional details about the flaw have been withheld.

Users of the BackupBuddy WordPress plugin are encouraged to update to the most recent version. Users who determine that they may have been compromised should reset the database password, change the WordPress salts, and rotate API keys stored in wp-config.php.
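To help decide whether a site was probed, the following added example (not code from Wordfence or iThemes) scans web server access logs for requests whose query parameters name one of the files listed above, dated on or after August 26, 2022. It assumes Combined Log Format; the endpoint, parameter name, and IP addresses in the sample lines are constructed placeholders, since the real request details have been withheld.

```python
import re
from datetime import datetime, timezone
from urllib.parse import parse_qsl, unquote, urlsplit

# File names the article lists as the most common read targets.
TARGETS = ("wp-config.php", "/etc/passwd", ".accesshash", ".my.cnf")
# Wordfence dates the first attempts to August 26, 2022.
CAMPAIGN_START = datetime(2022, 8, 26, tzinfo=timezone.utc)
# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)')
# Constructed sample lines; endpoint and parameter name are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Aug/2022:10:15:02 +0000] "GET /example-endpoint?example_param=/etc/passwd HTTP/1.1" 200 1843 "-" "curl/7.81.0"',
    '203.0.113.7 - - [27/Aug/2022:10:15:09 +0000] "GET /example-endpoint?example_param=..%252F..%252Fwp-config.php HTTP/1.1" 403 0 "-" "curl/7.81.0"',
    '198.51.100.4 - - [28/Aug/2022:08:00:00 +0000] "GET /?s=backup+tips HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [20/Aug/2022:09:00:00 +0000] "GET /example-endpoint?example_param=.my.cnf HTTP/1.1" 200 300 "-" "curl/7.81.0"',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%252F -> %2F -> /)."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def suspicious_requests(lines, since=CAMPAIGN_START):
    """Return requests whose query parameter values name a targeted file."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in Combined Log Format
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if when < since:
            continue
        query = urlsplit(m["target"]).query
        for name, raw in parse_qsl(query, keep_blank_values=True):
            value = fully_decode(raw).lower()
            matched = [t for t in TARGETS if t in value]
            if matched:
                # A 200 with a non-empty body means the file may have been served.
                served = m["status"] == "200" and m["size"] not in ("0", "-")
                hits.append({"ip": m["ip"], "time": when, "param": name,
                             "file": matched[0], "status": int(m["status"]),
                             "served": served})
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to true is the case that calls for the credential rotation described above. The scan covers query strings only, so requests that carry the file name in a POST body will not appear.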
