On December 6th, 2023, the WordPress plugin Backup Migration received a critical security patch for a remote code execution vulnerability. Details were released five days later after users were given an opportunity to install the patch, although the official CVE is still locked down in “reserved” mode.
Website administrators are advised to update to the most recent version 1.3.8 which contains several crucial security improvements. The vulnerability is ranked as 9.8 on the CVSS scale, so it’s about as bad as you can get.
Continue reading Critical RCE Vulnerability Patched in Backup Migration Plugin at Sucuri Blog.
