Critical WordPress Plugin affects 90K Sites – CVE-2023-6553



Researchers have identified a critical vulnerability in a popular plugin that has exposed thousands of websites to potential takeover.

This vulnerability, tracked as CVE-2023-6553 with a CVSS score of 9.8, impacts the Backup Migration plugin used by over 90,000 websites.

This critical flaw impacts all versions of Backup Migration up to 1.3.6. It allows unauthenticated attackers to inject PHP code and execute arbitrary commands on the server, essentially giving them complete control of your website.


The flaw arises because an attacker can control the values passed to an include and then leverage that to achieve remote code execution. This makes it possible for unauthenticated threat actors to easily execute code on the server.

By submitting a specially crafted request, threat actors can leverage this issue to include arbitrary, malicious PHP code and execute arbitrary commands on the underlying server in the security context of the WordPress instance.
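The bug class described above, an include path built from a request-controlled value, shown as a generic vulnerable pattern beside a hardened one. This is an added example, not the Backup Migration plugin's code; `MODULE_DIR`, the `module` and `module_dir` request keys and the file names are hypothetical.

```php
<?php
// Added illustration of the bug class; NOT the Backup Migration plugin's code.
// The directory, request keys and file names below are hypothetical.

const MODULE_DIR = __DIR__ . '/modules';

// Vulnerable pattern: a request-supplied value becomes part of the include
// path, so the requester decides which file PHP loads and executes.
function load_module_vulnerable(array $request): void
{
    $dir = $request['module_dir'] ?? MODULE_DIR;   // request-controlled
    include $dir . '/bootstrap.php';
}

// Hardened pattern: the request only selects a key from a fixed allowlist;
// the path is built from constants and verified before it is included.
function resolve_module(array $request): string
{
    $allowed = ['backup' => 'backup.php', 'restore' => 'restore.php'];
    $key = $request['module'] ?? '';
    if (!is_string($key) || !array_key_exists($key, $allowed)) {
        throw new InvalidArgumentException('Unknown module');
    }

    $base = realpath(MODULE_DIR);
    $path = realpath(MODULE_DIR . '/' . $allowed[$key]);
    // realpath() returns false for missing files; the prefix check rejects
    // anything that resolves outside the module directory (e.g. a symlink).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('Module file not available');
    }
    return $path;
}

function load_module_hardened(array $request): void
{
    require resolve_module($request);
}

// Constructed sample requests: only an allowlisted key can resolve to a path.
foreach (['backup', '../outside/file', ['nested']] as $value) {
    try {
        echo resolve_module(['module' => $value]), "\n";
    } catch (Exception $e) {
        echo get_class($e), ': ', $e->getMessage(), "\n";
    }
}
```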

Update the Backup Migration plugin to version 1.3.8 or later to patch the CVE-2023-6553 vulnerability.
