Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin
The vulnerability, tracked as CVE-2022-31474 (CVSS score: 7.5), can be exploited by an unauthenticated user to download arbitrary files from the affected site. It has been estimated that the plugin has around 140,000 active installations.