9.8
CVE-2023-6553
- EPSS 93.34%
- Veröffentlicht 15.12.2023 11:15:47
- Zuletzt bearbeitet 08.04.2026 18:18:37
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginBackup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.
Mögliche Gegenmaßnahme
BackupBliss – Backup & Migration with Free Cloud Storage: Update to version 1.3.8, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
BackupBliss – Backup & Migration with Free Cloud Storage
Version
*-1.3.7
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Backupbliss ≫ Backup Migration SwPlatformwordpress Version <= 1.3.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.34% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@wordfence.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.