Backup Migration WordPress Plugin Flaw Impacts 90,000 Sites

Security researchers have warned users of a popular WordPress plugin that they need to patch urgently or risk their site being remotely hijacked.

Security vendor Wordfence has revealed a new PHP code injection vulnerability (CVE-2023-6553) with a CVSS score of 9.8, which could enable remote code execution. The impacted plugin, Backup Migration, is said to have an estimated 90,000 installs.

Unauthenticated threat actors could exploit the bug to inject arbitrary PHP code, resulting in a full site compromise.

“The Backup Migration plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file,” Wordfence said.

“This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated threat actors to easily execute code on the server.”
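For administrators who need to find affected installs, the following added example (not from Wordfence or BackupBliss) reads the standard WordPress plugin header of each plugin under a plugins directory and flags Backup Migration at or below 1.3.7. It assumes the plugin's header name contains "Backup Migration" as the article names it; the folder names, file names and the 1.4.0 version in the sample tree are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

AFFECTED_NAME = "backup migration"  # assumption: name as written in the article
LAST_VULNERABLE = (1, 3, 7)         # "up to, and including, 1.3.7"
# Header lines look like " * Plugin Name: Foo" inside the leading PHP comment.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def read_plugin_header(php_file):
    """Return (name, version) from a plugin header, or None if absent."""
    head = php_file.read_text(encoding="utf-8", errors="replace")[:8192]
    fields = {}
    for key, value in HEADER_RE.findall(head):
        fields.setdefault(key.lower(), value)
    if "plugin name" in fields and "version" in fields:
        return fields["plugin name"], fields["version"]
    return None

def parse_version(text):
    """'1.3.7' -> (1, 3, 7). An unparsable version yields (), which
    compares as affected, so odd values are flagged rather than skipped."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:3])

def find_vulnerable(plugins_dir):
    """List (path, version) for Backup Migration installs <= 1.3.7."""
    hits = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_plugin_header(php_file)
        if header and AFFECTED_NAME in header[0].lower():
            if parse_version(header[1]) <= LAST_VULNERABLE:
                hits.append((str(php_file), header[1]))
    return hits

def build_sample_tree(root):
    """Constructed sample: one affected install and one newer install."""
    for folder, version in (("site-a-plugin", "1.3.7"), ("site-b-plugin", "1.4.0")):
        plugin_dir = Path(root) / folder
        plugin_dir.mkdir(parents=True)
        (plugin_dir / "main.php").write_text(
            f"<?php\n/**\n * Plugin Name: Backup Migration\n * Version: {version}\n */\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, version in find_vulnerable(tmp):
            print(f"CVE-2023-6553 affected: {path} (version {version})")
```

On a real server, pass the site's `wp-content/plugins` directory to `find_vulnerable`.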


The vulnerability was fixed rapidly by Backup Migration developer BackupBliss, within just hours of being informed by Wordfence on December 6.

The vulnerability was discovered by a researcher via the Wordfence Bug Bounty Program, which was set up on November 8. The research was submitted to the program on December 5, and Wordfence validated and confirmed a proof-of-concept exploit a day later.

The same day, Wordfence released a firewall rule to protect customers and sent the details over to BackupBliss.

Wordfence trumpeted the output of its bug bounty program. Within just a month, over 270 vulnerability researchers had registered and submitted around 130 vulnerabilities, it claimed.

Up until December 20, all researchers will earn 6.25x the program’s normal bounty rates when Wordfence handles responsible disclosure.
