Critical RCE Bug in WordPress Backup Plugin Exposes 50K Sites

December 11, 2023 at 10:46 PM

•

1 min read

Critical RCE Bug in WordPress Backup Plugin Exposes 50K Sites — Photo: BleepingComputer

TL;DR Summary

A critical vulnerability in the Backup Migration plugin for WordPress has exposed over 50,000 websites to remote code execution (RCE) attacks. The security flaw, tracked as CVE-2023-6553, allows unauthenticated attackers to take control of targeted websites by injecting malicious PHP code. The vulnerability affects all versions of the plugin up to and including Backup Migration 1.3.6. The developers have released a patch, but nearly 50,000 vulnerable WordPress sites have yet to be secured. WordPress administrators are also being targeted by a phishing campaign using fake security advisories.

Topics:technology #backup-migration-plugin #cve-2023-6553 #cybersecurity #patch #rce-attacks #wordpress

Share this article

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin BleepingComputer
WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw Security Affairs
Update WordPress now to fix this significant security flaw TechRadar

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

79%

424 → 87 words

Want the full story? Read the original article

Read on BleepingComputer

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights