CVE-2022-31474
WordPress BackupBuddy Plugin 8.5.8.0-8.7.4.1 is vulnerable to Directory Traversal
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1.
The BackupBuddy plugin for WordPress is vulnerable to unauthenticated arbitrary file downloads via the 'local-download' found in the backupbuddy_local_download() function in versions 8.5.8.0 to 8.7.4.1. This is due to a missing capability check and nonce check on the affected function that is called via an admin_init hook along with insufficient file path validation on the supplied download file. This makes is possible for unauthenticated attackers to supply the complete path to a file, or use directory traversal techniques, to read any file hosted on the server. This includes sensitive files such as /etc/passwd and /wp-config.php.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-08-09 CVE Reserved
- 2022-09-06 CVE Published
- 2024-08-03 CVE Updated
- 2024-09-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-73: External Control of File Name or Path
CAPEC
- CAPEC-126: Path Traversal
References (2)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ithemes Search vendor "Ithemes" | Backupbuddy Search vendor "Ithemes" for product "Backupbuddy" | >= 8.5.8.0 < 8.7.5.0 Search vendor "Ithemes" for product "Backupbuddy" and version " >= 8.5.8.0 < 8.7.5.0" | wordpress |
Affected
| ||||||