50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

December 11, 2023 at 05:48PM

A critical security flaw in the WordPress Backup Migration plugin (CVE-2023-6553) allows unauthenticated attackers to remotely execute PHP code, compromising vulnerable websites. The bug, rated 9.8/10 in severity, was quickly patched after being reported to BackupBliss. However, many websites remain vulnerable, and WordPress admins are urged to take immediate action to secure their sites.

Key points:

1. Critical severity vulnerability in Backup Migration WordPress plugin.
2. Vulnerability tracked as CVE-2023-6553 with 9.8/10 severity score.
3. Discovered by Nex Team, reported to Wordfence under a bug bounty program.
4. Impacts all plugin versions up to and including 1.3.6.
5. Allows unauthenticated attackers to achieve remote code execution.
6. Patch released as Backup Migration 1.3.8.
7. 50,000 vulnerable WordPress websites still need to be secured.
