A security update has been released for the Backup Migration WordPress plugin to address a critical-severity vulnerability. Tracked as CVE-2023-6553, the flaw allows unauthenticated attackers to inject arbitrary PHP code, resulting in complete compromise of the site. The vulnerability has been assigned a CVSS score of 9.8.
Nex Team discovered the vulnerability and reported it to the WordPress security firm Wordfence through Wordfence's recently launched bug bounty program.
The Backup Migration plugin is an all-in-one solution for migrating a site to another host or for restoring a local backup. According to WordPress.org, the plugin has more than 90,000 active installations.
Vulnerability Details
The vulnerability lies in the plugin's /includes/backup-heart.php file, which passes attacker-controllable values to a PHP include and does so before any authentication check, so the request needs no credentials. Wordfence states, “This is due to an attacker being able to control the values passed to include and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated threat actors to execute code on the server easily.” Note that an include of this kind does not require the attacker to upload a file first: PHP stream wrappers such as php://filter let the attacker supply the code to be executed inside the request itself.
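To make the mechanism concrete, the following is an added example and not the plugin's source code: it places the vulnerable "include path built from request input" pattern next to a hardened resolver. Per the Wordfence write-up linked under References, the plugin derived its include root from an HTTP request header; the header name (modelled here as a constructed HTTP_CONTENT_DIR entry in $_SERVER), the function names and the temporary plugin layout are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not the plugin's code. The vulnerable pattern takes the include root
// from a request header (assumed name: Content-Dir, seen by PHP as HTTP_CONTENT_DIR),
// which an unauthenticated attacker sets freely. The hardened pattern derives the root
// from the file's own location and refuses anything outside the plugin directory.

// Vulnerable pattern: include path built from request-controlled input.
function vulnerableIncludePath(array $server): string
{
    $rootDir = $server['HTTP_CONTENT_DIR'] ?? '';        // attacker-controlled
    return $rootDir . '/includes/bypasser.php';          // later: require_once $path;
}

// Hardened pattern: root comes from __DIR__-style local knowledge, never from the
// request, and the resolved path must still sit inside the plugin directory.
function hardenedIncludePath(string $pluginDir, string $relative): ?string
{
    $base      = realpath($pluginDir);
    $candidate = realpath($pluginDir . DIRECTORY_SEPARATOR . $relative);
    if ($base === false || $candidate === false) {
        return null;                                     // missing file or unresolvable path
    }
    // realpath() has already collapsed "..", "." and symlinks, so a prefix check is sound.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;                                     // escaped the plugin directory
    }
    return $candidate;
}

// --- Demonstration on a constructed plugin layout in a temporary directory ---
$pluginDir = sys_get_temp_dir() . '/bmi-demo-' . bin2hex(random_bytes(4));
mkdir($pluginDir . '/includes', 0700, true);
file_put_contents($pluginDir . '/includes/bypasser.php', "<?php echo \"legit include\\n\";\n");

// 1. Vulnerable: the attacker chooses the include root; any path or stream wrapper works.
$attackerServer = ['HTTP_CONTENT_DIR' => '/tmp/attacker-controlled'];   // constructed request
echo "vulnerable resolves to: " . vulnerableIncludePath($attackerServer) . "\n";
// A real exploit points this at attacker-supplied content; a php://filter chain lets the
// attacker carry the code inside the request without uploading a file first.

// 2. Hardened: the legitimate relative path resolves, traversal and wrappers are rejected.
$ok = hardenedIncludePath($pluginDir, 'includes/bypasser.php');
echo "legit   -> " . var_export($ok, true) . "\n";
if ($ok !== null) {
    require_once $ok;                                    // prints "legit include"
}

$badInputs = [
    '../../../../etc/passwd',                            // traversal out of the plugin dir
    'php://filter/resource=includes/bypasser.php',       // stream wrapper
    '/tmp/attacker-controlled',                          // absolute path from the request
];
foreach ($badInputs as $bad) {
    $r = hardenedIncludePath($pluginDir, $bad);
    echo "rejected {$bad} -> " . var_export($r, true) . "\n";
}

// Remove the constructed layout.
unlink($pluginDir . '/includes/bypasser.php');
rmdir($pluginDir . '/includes');
rmdir($pluginDir);
```

The key design choice in the hardened resolver is that the request never contributes to the path at all; the realpath-plus-prefix check is a second line of defence in case a relative name is ever taken from configuration, and it is only meaningful after realpath() has normalised the candidate.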
Affected Versions
All versions of the Backup Migration plugin up to and including 1.3.7 are affected.
Mitigation
Customers must upgrade the Backup Migration plugin to version 1.3.8 or later to patch this vulnerability. Because the flaw is exploitable without authentication, updating alone does not undo an earlier compromise: sites that ran a vulnerable version while it was exposed should also be reviewed for unexpected PHP files and administrator accounts.
For more information about the mitigation, please refer to the plugin's changelog on WordPress.org and the Wordfence advisory linked under References.
Qualys Detection
Qualys customers can scan their devices with QID 731013 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://wordpress.org/plugins/backup-backup/#developers
https://www.wordfence.com/blog/2023/12/critical-unauthenticated-remote-code-execution-found-in-backup-migration-plugin/