From 5caad03843eb30ff2d0a6455eb13f13f8588256d Mon Sep 17 00:00:00 2001
From: Goby <50955360+gobysec@users.noreply.github.com>
Date: Sat, 1 Apr 2023 08:35:15 +0800
Subject: [PATCH] Update GobyVuls-Document.md

---
 GobyVuls-Document.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/GobyVuls-Document.md b/GobyVuls-Document.md
index 69719ab..b25235c 100644
--- a/GobyVuls-Document.md
+++ b/GobyVuls-Document.md
@@ -3,6 +3,19 @@ The following content is an updated vulnerability from Goby. Some of the vulnera
 
 **Updated document date: March 31, 2023** 
 
+## WordPress Plugin BackupBuddy Arbitrary File Read Vulnerability (CVE-2022-31474)
+
+|   **Vulnerability**  | **WordPress Plugin BackupBuddy Arbitrary File Read Vulnerability (CVE-2022-31474)**  |
+| :----:   | :-----|
+|  **Chinese name**  | WordPress BackupBuddy 插件 local-download 参数任意文件读取漏洞（CVE-2022-31474） |
+| **CVSS core**  | 7.5 |
+| **FOFA Query**  (click to view the results directly)| [header="WordPress" || header="api.w.org" || body="/wp-content/themes/"](https://fofa.info/result?qbase64=aGVhZGVyPSJXb3JkUHJlc3MiIHx8IGhlYWRlcj0iYXBpLncub3JnIiB8fCBib2R5PSIvd3AtY29udGVudC90aGVtZXMvIg%3D%3D) |
+| **Number of assets affected**  | 34049801 |
+| **Description**  | WordPress BackupBuddy plugin is a fast and simple plugin for WordPress backup and restore. WordPress plugin BackupBuddy versions 8.5.8.0 to 8.7.4.1 have an information disclosure vulnerability, which stems from an arbitrary file read and download vulnerability. |
+| **Impact** | Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website. |
+
+![](https://s3.bmp.ovh/imgs/2023/04/01/0b9fb8da4ab364e1.gif)
+
 ## Zyxel Authentication Bypass Vulnerability (CVE-2022-0342)
 
 |   **Vulnerability**  | **Zyxel Authentication Bypass Vulnerability (CVE-2022-0342)**  |