KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

7.5

CVSS
High

CVE-2022-31474

PUBLISHED

WordPress BackupBuddy Plugin 8.5.8.0-8.7.4.1 is vulnerable to Directory Traversal

Exploited in the wild Remote Low complexity No user interaction

Vendor: iThemes
Product: BackupBuddy
Published: Mar 13, 2023
EPSS: 92.7% · 100% pctl

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.This issue affects BackupBuddy: from 8.5.8.0 through 8.7.4.1.

wordpress nuclei_scanner

CVSS scores

CVSS v3.1 7.5 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitation status

Exploited in the wild

Recorded 2022-09-07 07:56:11 UTC · Source

SSVC decision points

Exploitation: none
Automatable: Yes
Technical impact: partial

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
Wordfence	Sep 07, 2022

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-31474.yaml	Apr 25, 2025

Timeline

CVE ID Reserved

August 09, 2022
Added to KEVIntel

September 07, 2022
CVE Published to Public

March 13, 2023
Detected by Nuclei

April 25, 2025