CVE-2023-7002
🟡 Monitor
The Backup Migration plugin for WordPress allows attackers to execute commands remotely.
CVSS
7.2
EPSS
23.2%
Exploit
poc
Vendor
backupbliss
Source description (NVD)
The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system.
exploit rce
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 7.2 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (probability of exploitation) | 23.2% |
| Published (NVD) | 2023-12-23 02:15:45 UTC |
| Last modified (NVD) | 2026-04-08 19:19:05 UTC |
References
- https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L1503 (security@wordfence.com) [Exploit]
- https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L1518 (security@wordfence.com) [Exploit]
- https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/ajax.php#L88 (security@wordfence.com) [Exploit]
- https://plugins.trac.wordpress.org/changeset/3012745/backup-backup (security@wordfence.com) [Patch]
- https://www.linuxquestions.org/questions/linux-security-4/php-function-exec-enabled-how-big-issue-4175508082/ (security@wordfence.com) [Patch, Third Party Advisory]
- https://www.wordfence.com/threat-intel/vulnerabilities/id/cc49db10-988d-42bd-a9cf-9a86f4c79568?source=cve (security@wordfence.com) [Third Party Advisory]