The BackupBuddy plugin, which has roughly 140,000 active installations, is meant to help WordPress site administrators easily manage their backup operations. The plugin allows users to store the backups to various online and local destinations.

Tracked as CVE-2022-31474 (CVSS score of 7.5), the exploited vulnerability exists because of an insecure method of downloading the backups for local storing, which allows any unauthenticated user to fetch files from the server.

Specifically, the plugin did not have capability checks or nonce validation implemented for the function meant for downloading local backup files, and also registered an admin_init hook for the function.