A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security firm Wordfence has disclosed.
"This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said.
The vulnerability affects versions 8.5.8.0 to 8.7.4.1.
The BackupBuddy plugin for WordPress is designed to make backup management easy for WordPress site owners.
One of the features in the plugin is the ability to store backup files in several different locations, known as Destinations, which include Google Drive, OneDrive and AWS, for example.
There is also the ability to store backup downloads locally via the 'Local Directory Copy' option. Unfortunately, the method used to download these locally stored files was insecurely implemented, making it possible for unauthenticated users to download any file stored on the server.
More specifically, the plugin registers an admin_init hook for the function intended to download local backup files, and the function itself had neither a capability check nor any nonce validation.
This means that the function could be triggered via any administrative page, including those that can be called without authentication (admin-post.php), making it possible for unauthenticated users to invoke it.
The backup path is not validated, so an arbitrary file path could be supplied and the file downloaded.
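The advisory names three missing controls: no capability check, no nonce validation, and no validation of the requested path, all reachable because the handler hung off admin_init. The following is an added, illustrative WordPress download handler written for this page; it is not BackupBuddy's code or iThemes' fix. All function names beginning with `hbd_`, the `hbd_download_backup` action and the `uploads/hbd-backups/` directory are assumptions chosen for the example. It shows each control in the place where the advisory says it was absent, and confines the served file to a single backup directory using `realpath()` so that `..` segments and symlinks cannot escape it.

```php
<?php
/*
 * Plugin Name: Hardened Backup Download (illustrative, added example)
 * Not BackupBuddy code. Demonstrates the three controls the advisory
 * says the vulnerable handler lacked: capability check, nonce
 * validation, and path validation confined to the backup directory.
 */

// Hypothetical action name; not from the real plugin.
define( 'HBD_ACTION', 'hbd_download_backup' );

// Hook admin_post_{action} instead of admin_init. admin_post_ fires only for
// logged-in users; unauthenticated admin-post.php requests go to the
// admin_post_nopriv_ hook, which this plugin deliberately does not register.
add_action( 'admin_post_' . HBD_ACTION, 'hbd_handle_download' );

function hbd_handle_download() {
    // 1. Capability check: only users who may manage the site get backups.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. Nonce validation: the request must carry the _wpnonce that
    //    hbd_download_url() embedded for this action and this user.
    check_admin_referer( HBD_ACTION );

    // 3. Path validation: the name must resolve inside the backup directory.
    $backup_dir = trailingslashit( WP_CONTENT_DIR ) . 'uploads/hbd-backups/'; // assumed location
    $requested  = isset( $_GET['backup'] ) ? sanitize_file_name( wp_unslash( $_GET['backup'] ) ) : '';
    $path       = hbd_resolve_backup_path( $backup_dir, $requested );
    if ( null === $path ) {
        wp_die( 'Invalid backup file.', '', array( 'response' => 400 ) );
    }

    // Stream the archive with a fixed content type rather than one derived
    // from user input.
    nocache_headers();
    header( 'Content-Type: application/zip' );
    header( 'Content-Disposition: attachment; filename="' . basename( $path ) . '"' );
    header( 'Content-Length: ' . filesize( $path ) );
    readfile( $path );
    exit;
}

/**
 * Return the canonical path of $name inside $backup_dir, or null when the
 * name is empty, is not a .zip archive, does not exist, is not a regular
 * file, or canonicalises to a location outside $backup_dir.
 */
function hbd_resolve_backup_path( $backup_dir, $name ) {
    if ( '' === $name || 'zip' !== strtolower( pathinfo( $name, PATHINFO_EXTENSION ) ) ) {
        return null;
    }
    $real_dir  = realpath( $backup_dir );
    $real_file = realpath( $backup_dir . $name );
    if ( false === $real_dir || false === $real_file ) {
        return null;
    }
    // realpath() has already collapsed "..", "." and symlinks on both sides,
    // so a plain prefix comparison on the normalised paths is reliable.
    $real_dir  = trailingslashit( wp_normalize_path( $real_dir ) );
    $real_file = wp_normalize_path( $real_file );
    if ( 0 !== strpos( $real_file, $real_dir ) || ! is_file( $real_file ) ) {
        return null;
    }
    return $real_file;
}

/**
 * Build the download link shown in the admin UI. wp_nonce_url() appends the
 * _wpnonce parameter that check_admin_referer() verifies in the handler.
 */
function hbd_download_url( $file_name ) {
    $url = admin_url( 'admin-post.php?action=' . HBD_ACTION . '&backup=' . rawurlencode( $file_name ) );
    return wp_nonce_url( $url, HBD_ACTION );
}
```

The order of the checks matters for defence in depth: the hook choice keeps anonymous requests away from the handler entirely, the capability check rejects low-privilege accounts, the nonce blocks cross-site request forgery against an administrator, and the `realpath()` prefix check means that even a request which passes all three can only ever read a `.zip` inside the backup directory.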
We strongly encourage you to ensure your site has been updated to the latest patched version, 8.7.5, which iThemes has made available to all site owners running a vulnerable version regardless of licensing status.