The company iThemes published another report on the vulnerability of WordPress. One of the most dangerous was a breach in the security of the BackupBuddy extension.
Thanks to a bug found in the program, hackers could gain access to all site files, regardless of what privileges an ordinary user should have to view certain documents. The vulnerability is actively exploited and affects anyone using the BackupBuddy plugin from version 18.104.22.168 to 22.214.171.124.
At the moment, a patch has been released that fixes the error in the extension, but not all sites use the new version. The developers recommend that you immediately install the patched BackupBuddy 8.7.5 or later to keep yourself safe.
You can read more about the vulnerability in the iThemes report on this particular extension.