OS Command Injection in WP-Database-Backup

Nick

On May 28th, the Wordfence team publicly disclosed a critical OS Command Injection vulnerability affecting the WP-Database-Backup plugin. This is a very nasty bug that made it possible for a bad actor to gain full control of affected websites, and the plugin has over 70,000 reported active installs.

Are You Affected?

On April 30th, version 5.2 was released, patching this vulnerability. If any of your websites use an older version, they’re vulnerable.

Continue reading OS Command Injection in WP-Database-Backup at Sucuri Blog.
