CVE-2022-31474
high
CVSS v3
7.5
CVSS v4 NEW
โ
VIR risk
7.5
Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1.
Predictions
Exploit likelihood
83%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ithemes | backupbuddy | {"startIncluding":"8.5.8.0","endExcluding":"8.7.5.0"} | 8.7.5.0 |
References
- https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy/
- https://patchstack.com/database/vulnerability/backupbuddy/wordpress-backup-buddy-plugin-8-5-8-0-8-7-4-1-unauthenticated-path-traversal-arbitrary-file-download-vulnerability?_s_id=cve
- https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy/
- https://patchstack.com/database/vulnerability/backupbuddy/wordpress-backup-buddy-plugin-8-5-8-0-8-7-4-1-unauthenticated-path-traversal-arbitrary-file-download-vulnerability?_s_id=cve
CWEs
CWE-22
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.