WordPress Plugin Vulnerabilities

Backup Migration < 1.4.0 - Unauthenticated Path Traversal to Arbitrary File Deletion

Description

The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.

Affects Plugins

Plugin icon
backup-backup
Fixed in 1.4.0

References

CVE
CVE-2023-6972
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0a3ae696-f67d-4ed2-b307-d2f36b6f188c

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Hiroho Shimada
Verified
No
WPVDB ID
0d34189d-0f9e-4bea-a1dc-0579539bf6af

Timeline

Publicly Published
2023-12-22 (about 4 months ago)
Added
2023-12-22 (about 4 months ago)
Last Updated
2024-01-22 (about 3 months ago)

Other

Published
Title
Published
2018-09-19
Title
Wechat Broadcast <= 1.2.0 - Local/Remote File Inclusion
Published
2023-03-13
Title
Shopping Cart & eCommerce Store < 5.4.3 - Admin+ LFI
Published
2024-03-26
Title
Ajax Load More < 7.1.0 - Authenticated (Admin+) Directory Traversal to Arbitrary File Read
Published
2014-08-01
Title
Browser Rejector - Remote & Local File Inclusion
Published
2015-08-24
Title
Multi Plugin Installer < 1.2.0 - Unauthenticated File Traversal