Ithemes Security just released its biweekly security report but also issues an immediate security alert for one of the most popular WordPress backup solutions, Backup Buddy. Ithemes is reporting that there are also active exploits for this vulnerability. This vulnerability only impacts sites running BackupBuddy versions 220.127.116.11 through 18.104.22.168.
The earliest exploits we have discovered appear to have started on August 27th, 2022.
A patch was released on September 2, 2022, to resolve the exploit in BackupBuddy version 8.7.5.
This security update is available to all vulnerable BackupBuddy versions (8.5.8 – 22.214.171.124), regardless of your current BackupBuddy licensing status, so no one continues to run a vulnerable version of the BackupBuddy plugin.
In the regular release, there are also some popular plugins in the list including Beaver Builder and Ninja Forms.
For Ninja Forms, the vulnerability has been patched, so you should update to version 3.6.13. For Beaver Builder, the vulnerability has been patched, so you should update to version 126.96.36.199.
You can see the full report on their website.
Keeping your website secure is important and reviewing these security alerts will help you in maintaining the security of your website. If you have any questions about keeping your website secure or need help, feel free to book an appointment for a free consultation or sign up for a free website audit.