Site backup plugin developer issues patch following reports of millions of exploit attempts

UPDATED WordPress websites running BackupBuddy have been urged to update the plugin amid reports of active exploitation of a high severity arbitrary file download/read vulnerability.

BackupBuddy, which is used to back up WordPress sites, has around 140,000 active installations.

WordPress security firm Wordfence has revealed that its firewall has blocked more than 4.9 million exploit attempts related to the flaw since abuse was first detected on August 26.

The issue – tracked as CVE-2022-31474 with a CVSS score of 7.5 – enables unauthenticated attackers to download sensitive files from vulnerable sites.

A majority of observed attacks apparently attempted to read /etc/passwd, /wp-config.php, and accesshash files, which could be leveraged to further compromise victims, said Wordfence.

The vulnerability affects versions between 8.5.8.0 and 8.7.4.1, and was patched in version 8.7.5.

iThemes, the plugin developer, told The Daily Swig that the bug was patched on September 2, not on September 6 as Wordfence (and therefore this article too) initially stated, within hours of being “notified of suspicious activity related to a BackupBuddy installation”.

It continued: “We have made this security update available to all vulnerable BackupBuddy versions (8.5.8 – 8.7.4.1), regardless of licensing status, so no one continues to run a vulnerable version of the BackupBuddy plugin.

“We recommend that customers follow the steps outlined in the disclosure post to detect if their site was attacked.”