CVE-2022-31474
HIGH EXPLOITED IN THE WILD NUCLEIiThemes BackupBuddy <8.7.4.1 - Path Traversal
Title source: llmExploitation Summary
CVE-2022-31474 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). A Nuclei detection template is also available.
Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1.
Nuclei Templates (1)
BackupBuddy - Local File Inclusion
HIGHby aringo
References (2)
Core 2
Core References
Third Party Advisory vdb-entry
https://patchstack.com/database/vulnerability/backupbuddy/wordpress-backup-buddy-plugin-8-5-8-0-8-7-4-1-unauthenticated-path-traversal-arbitrary-file-download-vulnerability?_s_id=cve
Vendor Advisory vendor-advisory
https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy/
Scores
CVSS v3
7.5
EPSS
0.6376
EPSS Percentile
99.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
VulnCheck KEV
2023-01-12
InTheWild.io
2022-09-07
CWE
CWE-22
Status
published
Products (2)
iThemes/BackupBuddy
8.5.8.0 - 8.7.4.1
ithemes/backupbuddy
8.5.8.0 - 8.7.5.0
Published
Mar 13, 2023
Tracked Since
Feb 18, 2026