The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-12-15T10:59:46.387Z
Updated: 2023-12-15T10:59:46.387Z
Reserved: 2023-12-06T12:56:43.963Z
Link: CVE-2023-6553
JSON object: View
NVD Information
Status : Modified
Published: 2023-12-15T11:15:47.837
Modified: 2024-01-18T17:15:14.300
Link: CVE-2023-6553
JSON object: View
Redhat Information
No data.
CWE