New zero-day vulnerability in BackupBuddy plugin leaves WordPress users at risk [TechSpot]

View Article on TechSpot

According to iThemes researchers, Hackers are actively exploiting the vulnerability (CVE-2022-31474) across impacted systems using specific versions of the BackupBuddy plugin. The exploit allows attackers to view the contents of any WordPress-accessible file on the affected server. This includes those with sensitive information, including /etc/passwd, /wp-config.php, .my.cnf, and .accesshash. These…