There is a zero-day flaw in the WordPress BackupBuddy plug-in that hackers have been exploiting, occasionally successfully. The flaw lets an attacker view any file on the server that the WordPress installation can read. This includes the WordPress wp-config.php file, which contains sensitive information, including usernames and passwords. The problem relates to how the method for downloading certain files was initially implemented, which ultimately made it possible for unauthorized users to download these files.
- A serious flaw in WordPress has been exploited millions of times by hackers.
- The hackers used a specific plugin to view anything that WordPress could read.
- The attacks took place in the last week of August, and WordPress recommends upgrading to the latest patch to fix the problem.
“For context, the BackupBuddy plugin, currently estimated to have 140,000 active installations, allows users to back up their WordPress installation, including theme files, pages, posts, widgets, users and media files.”