Malicious actors have been actively exploiting a zero-day vulnerability in the WordPress plugin BackupBuddy to facilitate arbitrary file downloads, The Hacker News reports.
Nearly five million attacks targeting the flaw, tracked as CVE-2022-31474, have already been blocked since the targeting began on Aug. 26, with most attacks originating from the IP address 22.214.171.124, according to a report from Cofense. The vulnerability stems from a "Local Directory Copy" feature and affects BackupBuddy versions 126.96.36.199 to 188.8.131.52; it has since been fixed in version 8.7.5.
"This vulnerability could allow an attacker to view the contents of any file on your server that can be read by your WordPress installation. This could include the WordPress wp-config.php file and, depending on your server setup, sensitive files like /etc/passwd," said BackupBuddy plugin developer iThemes.
Cofense researchers noted that most of the attacks sought to read the /etc/passwd, /wp-config.php, .accesshash, and .my.cnf files.
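As an added example (not code from the article, Cofense or iThemes), the following sketch shows how a site owner could search web server access logs for requests whose query string names one of the four files listed above. It assumes the combined log format; the sample log lines, the IP addresses and the parameter name `example_param` are constructed placeholders, since the article does not give the plugin's request format.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# Files the article says most attacks tried to read.
TARGETS = ("/etc/passwd", "wp-config.php", ".accesshash", ".my.cnf")
# Combined log format: ip ident user [time] "METHOD uri PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded paths are still matched."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return one finding per query parameter that names a target file."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, uri, status = m.group(1), m.group(2), int(m.group(3))
        for name, raw in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
            value = decode(raw).replace("\\", "/").lower()
            for target in TARGETS:
                if target in value:
                    # A 200 means the server answered; review what it sent.
                    findings.append({"ip": ip, "param": name, "target": target,
                                     "served": status == 200})
    return findings

def top_sources(findings):
    """Count findings per client IP, most active first."""
    return Counter(f["ip"] for f in findings).most_common()

# Constructed sample log lines (documentation IP ranges, placeholder parameter).
SAMPLE = [
    '192.0.2.10 - - [27/Aug/2022:10:00:01 +0000] "GET /wp-admin/?example_param=/etc/passwd HTTP/1.1" 200 1843 "-" "-"',
    '192.0.2.10 - - [27/Aug/2022:10:00:02 +0000] "GET /wp-admin/?example_param=..%252F..%252Fwp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.7 - - [27/Aug/2022:10:05:00 +0000] "GET /?s=backup+plugin HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.9 - - [27/Aug/2022:10:06:00 +0000] "GET /wp-admin/?example_param=/home/u/.my.cnf HTTP/1.1" 403 199 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print(top_sources(scan(SAMPLE)))
```

Findings with `served` set to true are the ones to prioritise: if the response could have contained wp-config.php or a credentials file, the secrets in it should be rotated after updating to the fixed version.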