This website uses cookies

Our website, platform and/or any sub domains use cookies to understand how you use our services, and to improve both your experience and our marketing relevance.

BackupBuddy WordPress Plugin Vulnerable to Exploitation

Updated on September 19, 2022

< 1 Min Read
backupbuddy wordpress plugin

On September 6th, 2022, iThemes, the creator of the BackupBuddy WordPress plugin, announced a security vulnerability found to be exploited since August 27th, 2022. This vulnerability only impacts sites running BackupBuddy versions 8.5.8.0 through 8.7.4.1.

There are indications that this vulnerability is still being actively exploited. However, ithemes readily patched the vulnerability and has requested its users to ensure they are using the 8.7.5 or higher version of the BackBuddy plugin.

What Should I Do?

Update immediately to the latest 8.7.5 patched version.

The breach allowed malicious users to view the contents of any file on a server that a WordPress installation can read.

Examples are the WordPress wp-config.php file and, depending on the server setup, other sensitive files like /etc/passwd. Therefore, it is imperative to upgrade immediately to the latest safe version.

How to Tell if I Am Affected

You can diagnose if your site has been compromised by finding any text containing local-destination-id and wp-config.php with an HTTP 2xx Response in your server logs.

The security breach was identified on BackBuddy versions 8.5.8.0 to 8.7.4.1.

Additional Information

If you need additional information or help directly from ithemes, please open a ticket through the iThemes Help Desk.

Share your opinion in the comment section. COMMENT NOW

Share This Article

Start Creating Web Apps on Managed Cloud Servers Now

Easy Web App Deployment for Agencies, Developers and E-Commerce Industry.

Marianna Siouti

Marianna Siouti is a Product Marketing Manager at Cloudways. She has over 14 years of experience in the hosting industry, in Marketing and Product. She is someone who falls in love with problems and works towards solving them with technology. You will find her working remotely from warm places, or on LinkedIn.

×

Get Our Newsletter
Be the first to get the latest updates and tutorials.

Thankyou for Subscribing Us!

×

Webinar: How to Get 100% Scores on Core Web Vitals

Join Joe Williams & Aleksandar Savkovic on 29th of March, 2021.

Do you like what you read?

Get the Latest Updates

Share Your Feedback

Please insert Content

Thank you for your feedback!

Do you like what you read?

Get the Latest Updates

Share Your Feedback

Please insert Content

Thank you for your feedback!