CVE-2023-6553 Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in The Backup Migration plugin for WordPress affects v. 1.3.7 and before.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Scan only one
Url
Toolbox
-
The Backup Migration plugin for WordPress is a plugin designed to make backing up and migrating WordPress websites easier. This plugin is useful for website owners who want to move their website to a different hosting provider or to simply have a backup in case of data loss. The plugin allows users to create backups of their WordPress website, which can then be easily migrated to a different server or hosting provider.
However, the Backup Migration plugin for WordPress is vulnerable to Remote Code Execution via the /includes/backup-heart.php file. This CVE-2023-6553 vulnerability allows attackers to execute code on the server by controlling the values passed to an include. This vulnerability is present in all versions of the plugin up to, and including, version 1.3.7.
If this vulnerability is exploited, it can lead to complete compromise of the targeted website. Attackers can easily gain access to sensitive data, such as login credentials, payment information, and personal information of users. They may also use the compromised website to spread malware or launch attacks against other websites and servers.
By using the pro features of the securityforeveryone.com platform, website owners can easily and quickly learn about vulnerabilities in their digital assets. This platform provides a comprehensive view of all vulnerabilities present in your website or web application, making it easy to identify and fix any security issues. With the help of this platform, website owners can ensure that their digital assets are always secure and protected from any potential threats.
REFERENCES
- https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L118
- https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L38
- https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L62
- https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.7/includes/backup-heart.php#L64
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3006541%40backup-backup&new=3006541%40backup-backup&sfp_email=&sfph_mail=
- https://www.synacktiv.com/en/publications/php-filters-chain-what-is-it-and-how-to-use-it
- https://www.wordfence.com/threat-intel/vulnerabilities/id/3511ba64-56a3-43d7-8ab8-c6e40e3b686e?source=cve
control security posture