2023-12-23 01:59:46
Wordfence
PUBLISHED
The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the content-backups and content-name, content-manifest, or content-bmitmp and content-identy HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.