Critical Vulnerability in WordPress Backup Migration Plugin
18 December 2023
WordPress has released updates addressing a critical vulnerability (CVE-2023-6553) in their Backup Migration plugin. The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10.
Successful exploitation of this PHP code injection vulnerability could allow an unauthenticated attacker to perform remote code execution and fully compromise affected websites.
The vulnerability affects all WordPress Backup Migration plugin versions up to and including 1.3.7.
Users and administrators of the affected products are advised to update to the latest product versions immediately.
More information is available here:
https://www.wordfence.com/blog/2023/12/critical-unauthenticated-remote-code-execution-found-in-backup-migration-plugin/
https://www.infosecurity-magazine.com/news/backup-migration-wordpress-plugin/
https://www.bleepingcomputer.com/news/security/50k-wordpress-sites-exposed-to-rce-attacks-by-critical-bug-in-backup-plugin/