all InfoSec news
A Vulnerability in the Backup Migration Plugin for WordPress Could Allow for Remote Code Execution
Center for Internet Security - Multi-State Information Sharing and Analysis Center www.cisecurity.org
A vulnerability has been discovered in the Backup Migration Plugin for WordPress, which could allow for remote code execution. The Backup Migration Plugin helps admins automate site backups to local storage or a Google Drive account. Successful exploitation could allow for remote code execution in the context of the Server. Depending on the privileges associated with the logged on user, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user …
account backup backups code code execution drive exploitation google google drive local migration plugin remote code remote code execution storage vulnerability wordpress