Dec 12, 2023

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

Posted by in categories: cybercrime/malcode, robotics/AI

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites.

Known as Backup Migration, the plugin helps admins automate site backups to local storage or a Google Drive account.

The security bug (tracked as CVE-2023–6553 and rated with a 9.8÷10 severity score) was discovered by a team of bug hunters known as Nex Team, who reported it to WordPress security firm Wordfence under a recently launched bug bounty program.

Leave a reply