CVE Radar


CVE-2022-31474

  • Severity: High
  • Vendor: Ithemes
  • SVRS: 68
  • CVSSv3: 7.5
  • EPSS: 0.63761
  • Tags: In The Wild
  • Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Publication date: 2023-03-13
  • Last modified: 2026-04-28


Security Intelligence Brief

What is this vulnerability and why does it matter?
This vulnerability, identified as CVE-2022-31474, is an Improper Limitation of a Pathname to a Restricted Directory, commonly known as a Path Traversal (CWE-22) issue. It affects the iThemes BackupBuddy plugin. This type of vulnerability allows an attacker to access files and directories outside of the intended restricted directory. This matters significantly as it can lead to unauthorized access to sensitive information, configuration files, or even potentially arbitrary file writes or reads, which could be leveraged for further system compromise, including remote code execution.
What are the CVSS score, severity level, and disclosure details?
The CVSS score for this vulnerability is 7.5, which indicates a High severity level. The vulnerability was publicly disclosed on March 13, 2023, at 13:21:10 UTC, and the information was last modified on April 28, 2026, at 16:07:42 UTC.
Which products, vendors, systems, and versions are affected?
  • Vendor: iThemes
  • Product: BackupBuddy
  • Affected Versions: All versions from 8.5.8.0 through 8.7.4.1 (inclusive).
What is the technical root cause and attack vector?
The technical root cause of CVE-2022-31474 is an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal), categorized under CWE-22. This means that the iThemes BackupBuddy plugin fails to properly sanitize or validate user-supplied input that dictates file paths. Attackers can leverage this flaw by manipulating file path arguments or parameters within requests sent to the plugin. The attack vector involves crafting specially designed input that includes directory traversal sequences (e.g., ../../) to navigate the file system and access resources outside the intended scope of the application.
How can this vulnerability be exploited?
An attacker can exploit this vulnerability by sending crafted requests to the vulnerable iThemes BackupBuddy plugin. By injecting directory traversal sequences (e.g., "../", "..%2f") into parameters that are used to construct file paths, the attacker can bypass security restrictions. This allows them to read, and potentially write, files in arbitrary locations on the server's file system, beyond the plugin's designated directory. The specific method of exploitation would depend on the exact function within BackupBuddy that is vulnerable to path manipulation.
What mitigation steps and patches are available?
The primary mitigation step is to update the iThemes BackupBuddy plugin to a version that addresses this vulnerability. Users should upgrade to a version later than 8.7.4.1. Always ensure that all plugins, themes, and the core WordPress installation are kept up-to-date.
How can vulnerable systems be detected?
Systems can be detected as vulnerable by checking the installed version of the iThemes BackupBuddy plugin. Any installation running BackupBuddy versions from 8.5.8.0 up to and including 8.7.4.1 is vulnerable to CVE-2022-31474. Administrators should log into their WordPress dashboard and navigate to the plugin section to verify the version number.
What are the indicators of compromise (IOCs)?

Indicators of Compromise (IOCs) for this vulnerability may include:

  • Unusual log entries showing attempts to access system directories or sensitive files via BackupBuddy plugin requests.
  • Presence of unexpected files or directories on the server's file system, especially outside the typical WordPress installation paths.
  • Unauthorized access to configuration files, database credentials, or other sensitive information.
  • Abnormal outbound connections from the web server, potentially indicating data exfiltration.
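
The first indicator above can be checked mechanically. The following is an added example, not code from the vendor or from this page: it scans web-server access-log lines for directory traversal sequences in the query string, percent-decoding repeatedly so that "../", "..%2f" and double-encoded forms are all caught. The endpoint `/example-endpoint.php`, the parameter `file` and the log lines are constructed placeholders, not the plugin's actual request format.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (documentation IPs, made-up
# endpoint and parameter); not real traffic and not the plugin's real request.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Sep/2022:10:01:02 +0000] "GET /example-endpoint.php?file=../../wp-config.php HTTP/1.1" 200 3120',
    '203.0.113.7 - - [06/Sep/2022:10:01:05 +0000] "GET /example-endpoint.php?file=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 403 199',
    '198.51.100.9 - - [06/Sep/2022:10:02:11 +0000] "GET /example-endpoint.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 200 3120',
    '192.0.2.44 - - [06/Sep/2022:10:03:00 +0000] "GET /index.php?s=release..notes HTTP/1.1" 200 5120',
    '192.0.2.44 - - [06/Sep/2022:10:03:09 +0000] "GET /wp-login.php HTTP/1.1" 200 2048',
]

# Client IP, request target and status code from one log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# ".." as a whole path segment: after "=", "/" or "\" and before a separator.
TRAVERSAL = re.compile(r'(?:^|[=/\\])\.\.(?:[/\\&]|$)')


def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so ..%2f and %252e%252e%252f both normalise."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_requests(lines):
    """Return one record per request whose decoded query contains a ../ segment."""
    hits = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue  # not a request line this parser understands
        ip, target, status = match.groups()
        query = fully_decode(target.partition("?")[2])
        if TRAVERSAL.search(query):
            # "served" marks 2xx responses: the file may actually have been returned.
            hits.append({"ip": ip, "status": int(status), "query": query,
                         "served": 200 <= int(status) < 300})
    return hits


if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

Access logs record only the request line, so parameters sent in a POST body are not visible to this check.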
Which threat actors are known to exploit this vulnerability?
While the provided data does not name specific threat actors, it explicitly states that "Active exploits have been published to exploit the vulnerability." This indicates that the vulnerability is publicly known and tools for exploitation are available, making it highly probable that various opportunistic attackers and potentially more organized groups are attempting to or actively exploiting this CVE.
What public intelligence references and advisories exist?
  • CVE Identifier: CVE-2022-31474
  • CWE Identifier: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))
  • Publication Date: 2023-03-13 13:21:10 UTC
  • Public advisories from iThemes and various cybersecurity research organizations would typically be available for a vulnerability of this nature and severity.
What is the risk assessment and urgency level?

Risk Assessment: The risk associated with CVE-2022-31474 is rated as High, supported by a CVSS score of 7.5. A Path Traversal vulnerability can allow attackers to read sensitive files, potentially leading to information disclosure, unauthorized access to system resources, or even remote code execution if combined with other vulnerabilities or misconfigurations. The impact on confidentiality, integrity, and availability can be significant.

Urgency Level: The urgency level is Critical. The statement that "Active exploits have been published" signifies that this vulnerability is being actively targeted in the wild. Organizations using affected versions of iThemes BackupBuddy must prioritize immediate patching to prevent potential compromise.


Title | Software Link | Date
This vulnerability has not been pub... | https://www.wordfence.com/blog/2022/09/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin/ | 2022-09-11

Configuration 1
Type | Vendor | Product
App | Ithemes | backupbuddy

Reference | Link
INTHEWILD | https://www.wordfence.com/blog/2022/09/psa-nearly-5-million-attacks-blocked-targeting-0-day-in-backupbuddy-plugin/
MISC | https://ithemes.com/blog/wordpress-vulnerability-report-special-edition-september-6-2022-backupbuddy/
MISC | https://patchstack.com/database/vulnerability/backupbuddy/wordpress-backup-buddy-plugin-8-5-8-0-8-7-4-1-unauthenticated-path-traversal-arbitrary-file-download-vulnerability?_s_id=cve

CWE ID | CWE Name | Description
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
