Obligatory “me too” post.
But I can’t make much sense out of where WordFence sends us:
https://www.cve.org/CVERecord?id=CVE-2022-34148
Dear @dadams76 ,
Thanks for reporting the issue.
May we kindly ask you to share the report from Wordfence, so we can check the reported security vulnerability, please?
Also, share the versions of the BackupGuard and Wordfence plugins.
Best,
BackupGuard Team
I’m sorry I must have deleted the report. May i suggest you contact Wordfence?
Backupguard Version: 1.6.9
Wordfence Version:7.7.1
The vulnerability is being flagged as CVE-2022-34148:
https://www.cve.org/CVERecord?id=CVE-2022-34148
From within WordFence (Version 7.7.1) scan:
Plugin Name: Backup
Current Plugin Version: 1.6.9
Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Backup” until a patched version is available. Get more information. [https://www.wordfence.com/help/?query=scan-result-plugin-vulnerable] (opens in new tab)
Repository URL: https://wordpress.org/plugins/backup (opens in new tab)
Vulnerability Information: https://www.cve.org/CVERecord?id=CVE-2022-34148
From the WordFence generated email:
Critical Problems:
* The Plugin “Backup” has a security vulnerability.
Vulnerability Information [https://www.cve.org/CVERecord?id=CVE-2022-34148]
https://wordpress.org/plugins/backup/#developers
-
This reply was modified 3 years, 5 months ago by
zummit.
Dear @dadams76 , @zummit , @imoperations ,
Kindly ask you to update the free version of the plugin to the latest 1.6.9.1 version, and check if that fixed the reported security issue.
Thanks for your collaboration.
Best,
BackupGuard Team
Appears to be fine now for me. Wordfence is no longer flagging the vulnerability.
Thanks for the quick response
Dear @imoperations ,
Thanks for confirming.
If anything else comes up, please, just let us know.
Best,
BackupGuard Team
