50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

With over 90,000 installations, a WordPress plugin has a severe severity vulnerability that might allow attackers to take control of affected websites remotely and execute code.

Admins may automate site backups to local storage or a Google Drive account with the use of a plugin called Backup Migration.A group of security researchers called Nex Team found the vulnerability (recorded as CVE-2023-6553 and graded with a 9.8/10 severity level), and they submitted it to WordPress security company Wordfence through a freshly established bug bounty program.It affects all plugin versions, including Backup Migration 1.3.6, and may be used by malevolent actors to launch low-level, user-interruptible assaults.

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

11-Dec-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address