
Zero-Day Vulnerability in BackupBuddy WordPress Plugin

The developer of the BackupBuddy plugin for WordPress has released an updated version of the plugin that fixes an actively exploited directory traversal vulnerability. The flaw allows unauthenticated users to download files from vulnerable sites. The issue affects BackupBuddy versions 8.5.8.0 to 8.7.4.1. iThemes has made BackupBuddy version 8.7.5 available to all site owners “regardless of licensing status.” BackupBuddy has been installed an estimated 140,000 times.

Note

  • You already checked to make sure that you’re running the current version of BackupBuddy (8.7.5), or removed it because it’s no longer needed. It’s OK, I’ll wait. Now, double check that your WAF’s directory traversal and file inclusion rules are in place. Incorporate the IOCs from the Wordfence blog into your IP blocklist. What was that? You don’t have a WAF in front of your WordPress site? The easy button is to pick up one designed for WordPress (like Wordfence), then subscribe to updates for immediate access to protections against current threats. Note that you’re going to quickly eclipse that subscription cost cleaning up from one successful exploit.
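A small inventory check for the version range given above, added here as an example and not code from the advisory, iThemes or Wordfence; the plugin main-file path and the sample plugin header text are assumptions:

```python
"""Flag a BackupBuddy install whose version falls in the advisory's vulnerable range."""
import re
from pathlib import Path
from typing import Optional, Tuple

# Inclusive bounds from the advisory: 8.5.8.0 through 8.7.4.1 are affected, 8.7.5 is fixed.
VULN_MIN = "8.5.8.0"
VULN_MAX = "8.7.4.1"
FIXED = "8.7.5"

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '8.7.5' into (8, 7, 5, 0). Numeric, right-padded to four parts so the
    three-part 8.7.5 compares correctly against the four-part 8.7.4.1, and so that
    '8.10.0' is not mistaken for a version below '8.7' by plain string comparison."""
    parts = [int(p) for p in re.findall(r"\d+", v)]
    if not parts:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def is_vulnerable(version: str) -> bool:
    """True when the installed version is inside the affected range (inclusive)."""
    return parse_version(VULN_MIN) <= parse_version(version) <= parse_version(VULN_MAX)

def version_from_plugin_header(text: str) -> Optional[str]:
    """Read the 'Version:' field from a standard WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", text, re.MULTILINE)
    return m.group(1) if m else None

def assess(header_text: str) -> str:
    """Classify an install from its plugin header: 'vulnerable', 'patched' or 'unknown'."""
    v = version_from_plugin_header(header_text)
    if v is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(v) else "patched"

def assess_file(plugin_main_file: Path) -> str:
    """Same check against the plugin's main PHP file on disk (path is an assumption)."""
    return assess(plugin_main_file.read_text(errors="replace"))

# Constructed sample header, not copied from the real plugin.
SAMPLE_HEADER = """<?php
/*
 * Plugin Name: BackupBuddy
 * Version: 8.7.4.1
 */
"""

if __name__ == "__main__":
    print(f"sample install is {assess(SAMPLE_HEADER)}")
```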

Read more in

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
