20 August 2014
Today we have issued security updates of Akeeba Backup for Joomla!, Akeeba Backup for WordPress and Akeeba Solo. The information disclosure vulnerability affects the JSON remote API which is only available when you enable front-end backups. The nature of this vulnerability makes it nearly impossible to exploit unless you are an experienced cryptanalyst and cannot be used to directly hack a site (the attacker can't write to the files or a database). Even though it's extremely difficult to use in a real world situation, we have issued a security update for all versions of our backup software and request all of our users to update as a sane precaution.
Credits: the vulnerability was discovered by Marc-Alexandre Montpas of Sucuri LLC and reported on Monday, August 18th 2014.