Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin

Wordfence just launched its bug bounty program.
On December 5th, 2023, shortly after the launch of our Holiday Bug Extravaganza, we received a submission for a PHP Code Injection vulnerability in Backup Migration, a WordPress plugin with more than 90,000 active installations.
This vulnerability makes it possible for unauthenticated threat actors to inject and execute arbitrary PHP code on WordPress sites that use this plugin.
We quickly released a firewall rule to protect Wordfence Premium, Wordfence Care, and Wordfence Response customers on December 6, 2023.
Sites still running the free version of Wordfence will receive the same protection 30 days later, on January 5, 2024.
We contacted the BackupBliss team, makers of the Backup Migration plugin, on the same day we released our firewall rule.
We urge users to update their sites immediately to the latest patched version of Backup Migration, which is version 1.3.8 at the time of this writing.
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file.
This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution.
This makes it possible for unauthenticated threat actors to easily execute arbitrary code on the server.
The /includes/backup-heart.php file used by the Backup Migration plugin attempts to include bypasser.php, and the path handed to that include is built from a value the attacker controls.
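To make the class of flaw concrete, the following is an added illustration written for this advisory; it is not Backup Migration's own code and does not reproduce the real exploit. It shows the general pattern the description refers to, a plugin file whose include path is derived from request-controlled input, beside a hardened form that pins the include to the plugin's own directory and refuses anything that resolves outside it. The `X-Plugin-Root` header, the helper file name and both function names are hypothetical.

```php
<?php
// Added illustration, not Backup Migration's own code. The header name, the
// helper file name and the function names are hypothetical; they only show
// the pattern "untrusted input reaches include()" and one way to close it.

// VULNERABLE PATTERN: the directory prefix comes straight from the request.
// Any unauthenticated client can point it at a directory of their choosing
// (for example one holding a file they previously uploaded, or whose
// contents they otherwise influence); include() then executes what it finds.
function load_helper_vulnerable(): void
{
    $root     = $_SERVER['HTTP_X_PLUGIN_ROOT'] ?? __DIR__;  // attacker-controlled
    $includes = $root . '/includes';
    include $includes . '/helper.php';                        // path built from untrusted data
}

// HARDENED PATTERN: never derive an include path from the request. Pin the
// base directory to the plugin file's own location, accept only a plain file
// name, resolve the final path with realpath(), and refuse anything that does
// not sit inside the allowed directory (this also defeats symlinks that point
// elsewhere and "../" traversal that survived the name check).
function load_helper_hardened(string $name): void
{
    // Only a bare file name: no directory separators, no traversal, no NUL bytes.
    if (!preg_match('/\A[a-z0-9_-]+\z/', $name)) {
        throw new InvalidArgumentException('invalid helper name');
    }

    $base = realpath(__DIR__ . '/includes');
    $path = ($base === false) ? false : realpath($base . '/' . $name . '.php');

    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('helper not found inside the plugin directory');
    }

    require $path;
}

// Usage: the hardened loader only ever reaches files shipped with the plugin.
// load_helper_hardened('helper');          // loads <plugin>/includes/helper.php
// load_helper_hardened('../../wp-config'); // rejected by the name check
```

In a WordPress plugin the base directory would normally come from `plugin_dir_path(__FILE__)` rather than `__DIR__`, but the property that matters is the same: nothing in the request, headers included, participates in building the path that `include` or `require` receives.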
December 6, 2023 - We initiate contact with the plugin developer and send over the full disclosure details.
A fully patched version of the plugin, 1.3.8, is released.
In this blog post, we detailed a critical PHP Code Injection vulnerability within the Backup Migration plugin affecting versions 1.3.7 and earlier.
This vulnerability allows unauthenticated threat actors to inject arbitrary PHP code, resulting in a full site compromise.
The vulnerability has been fully addressed in version 1.3.8 of the plugin.
We urge WordPress users to verify that their sites are updated to the latest patched version of Backup Migration.
Wordfence users running Wordfence Premium, Wordfence Care, and Wordfence Response have been protected against this vulnerability as of December 6, 2023.
Users still using the free version of Wordfence will receive the same protection on January 5, 2024.
If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as this vulnerability poses a significant risk.


This Cyber News was published on www.wordfence.com. Publication date: Mon, 11 Dec 2023 19:13:05 +0000

