- Description
- The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.
- Source
- security@wordfence.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
[ Tool ] - Mass CVE-2023-6553 🚀 PHPChain Exploit ❤️ https://t.co/r5zB3fZaLF
@crypter66921
11 Apr 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Global 🌍 - 100K Websites Allegedly Vulnerable to CVE-2023-6553 A collection of 100,000 websites reportedly remains vulnerable to the CVE-2023-6553 exploit. This highlights the urgent need for organizations to update their systems and patch vulnerabilities to mitigate potential…
@DailyDarkWeb
5 Dec 2024
3582 Impressions
7 Retweets
20 Likes
10 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:backupbliss:backup_migration:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "58EBC3ED-E8A3-444C-ABF0-66A28658B0C7",
"versionEndIncluding": "1.3.7"
}
],
"operator": "OR"
}
]
}
]