OS Command Injection in WP-Database-Backup

Nick

On May 28th, the Wordfence team publicly disclosed a critical OS Command Injection vulnerability affecting the WP-Database-Backup plugin, which has over 70,000 reported active installs. This is a very nasty bug: it made it possible for a bad actor to gain full control of affected websites.

Are You Affected?

On April 30th, version 5.2 was released, patching this vulnerability. If any of your websites use an older version, they’re vulnerable.

Continue reading OS Command Injection in WP-Database-Backup at Sucuri Blog.
