First published: Mon Mar 13 2023(Updated: )
Directory Traversal vulnerability in iThemes BackupBuddy plugin 8.5.8.0 - 8.7.4.1 versions.
Credit: audit@patchstack.com audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ithemes Backupbuddy | >=8.5.8.0<8.7.5.0 |
Update to 8.7.5.0 or a higher version.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-31474 is high (7.5).
Versions 8.5.8.0 to 8.7.4.1 of the iThemes BackupBuddy plugin are affected by CVE-2022-31474.
The CWE ID for CVE-2022-31474 is 22.
To fix the Directory Traversal vulnerability, update the iThemes BackupBuddy plugin to version 8.7.5.0 or later.
More information about CVE-2022-31474 can be found at the following references: [1](https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy/) and [2](https://patchstack.com/database/vulnerability/backupbuddy/wordpress-backup-buddy-plugin-8-5-8-0-8-7-4-1-unauthenticated-path-traversal-arbitrary-file-download-vulnerability?_s_id=cve).