OS Command Injection in WP-Database-Backup

Nick

On May 28th, a critical OS Command Injection vulnerability affecting the WP-Database-Backup plugin was disclosed to the public by the Wordfence team. This is a very nasty bug which made it possible for a bad actor to gain full control of affected websites, and the plugin has over 70,000 reported active installs.

Are You Affected?

On April 30th, version 5.2 was released, patching this vulnerability. If any of your websites use an older version, they’re vulnerable.
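One way to run that check across a server, as an added example that is not part of the original post: the script finds each copy of the plugin under a directory of sites, reads the `Version:` line from its plugin header, and compares it with 5.2. The directory name `wp-database-backup` and the file name used in the constructed demo tree are assumptions.

```python
import re, sys, tempfile
from pathlib import Path

PLUGIN_SLUG = "wp-database-backup"  # assumption: the plugin's directory name
FIXED = (5, 2)                      # version 5.2 carries the patch, per the post
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d[\w.\-]*)", re.M | re.I)

def as_tuple(version):
    """'5.1.2' -> (5, 1, 2); ignores any non-numeric suffix such as '-beta'."""
    return tuple(int(n) for n in re.match(r"\d+(?:\.\d+)*", version).group().split("."))

def verdict(version):
    if version is None:
        return "unknown"  # header missing or unreadable: inspect by hand
    return "vulnerable" if as_tuple(version) < FIXED else "patched"

def scan(root):
    """Return (plugin_dir, version, verdict) for each copy of the plugin under root."""
    found = []
    for plugin_dir in sorted(Path(root).glob(f"**/wp-content/plugins/{PLUGIN_SLUG}")):
        version = None
        for php in sorted(plugin_dir.glob("*.php")):
            # The plugin header sits in a comment at the top of the main file.
            head = php.read_text(encoding="utf-8", errors="replace")[:8192]
            match = VERSION_RE.search(head)
            if "Plugin Name:" in head and match:
                version = match.group(1)
                break
        found.append((str(plugin_dir), version, verdict(version)))
    return found

def demo():
    """Build a constructed docroot tree with three sites and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in (("a.example", "5.1.2"), ("b.example", "5.2"), ("c.example", None)):
            d = Path(tmp, site, "wp-content", "plugins", PLUGIN_SLUG)
            d.mkdir(parents=True)
            body = "<?php\n/*\n * Plugin Name: WP Database Backup\n"
            body += f" * Version: {ver}\n */\n" if ver else " */\n"
            (d / "wp-database-backup.php").write_text(body)  # constructed file
        return [(Path(p).parts[-4], v, s) for p, v, s in scan(tmp)]

if __name__ == "__main__":
    rows = scan(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for row in rows:
        print(*row, sep="\t")
```

Pass the directory that holds your sites as the first argument; with no argument the script scans the constructed demo tree. An `unknown` verdict means the header could not be read and that copy should be checked by hand.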

Continue reading OS Command Injection in WP-Database-Backup at Sucuri Blog.
