CVE-2023-6972
Published 2023-12-23
Priority: P2 (64) · Severity: critical · CVSS 3.1 base score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.39% (68.9th percentile)
The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
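The defect class named in the description above, as an added example that is not the Backup Migration plugin's code: a path taken from one of the attacker-controlled headers is joined onto the backup directory and handed to unlink() without confining the result to that directory. The header names are the ones the advisory lists; the assumption that a header value is used as a file name under the backup directory is an illustrative model, not taken from the 1.3.9 source. The block shows the unconfined deletion removing a sibling wp-config.php, the realpath-plus-commonpath check that refuses it, and a request-side check over the same header names that a reverse proxy or WAF could apply while a site is still unpatched.

```python
"""Added example for CVE-2023-6972: not the Backup Migration plugin's code.

Models the defect class the advisory describes: a path taken from an
attacker-controlled HTTP header is joined onto the backup directory and
handed to unlink() without confining the result to that directory. The
header names are those the advisory lists; how the plugin combines their
values is an assumption made for illustration.
"""
import os
import tempfile
from urllib.parse import unquote

# Header names from the advisory (roles assumed, lower-cased for matching).
TRAVERSAL_HEADERS = ("content-backups", "content-name", "content-manifest",
                     "content-bmitmp", "content-identy")


def unsafe_target(base_dir: str, user_path: str) -> str:
    """Vulnerable pattern: join without confinement.

    '../' segments walk out of base_dir, and os.path.join discards base_dir
    entirely when user_path is absolute.
    """
    return os.path.join(base_dir, user_path)


def safe_target(base_dir: str, user_path: str):
    """Resolve the candidate path and confine it to base_dir.

    Returns the resolved path, or None if it would escape base_dir through
    '..' segments, an absolute path, or a symlink planted inside base_dir.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def delete_backup(base_dir: str, user_path: str, confine: bool) -> bool:
    """Delete a backup file; confine=False reproduces the vulnerable flow."""
    target = safe_target(base_dir, user_path) if confine else unsafe_target(base_dir, user_path)
    if target is None or not os.path.isfile(target):
        return False
    os.unlink(target)
    return True


def suspicious_headers(headers: dict) -> list:
    """Request-side check: which of the advisory's headers carry a traversal?

    Decodes percent-encoding twice (to catch double-encoding), treats '\\'
    like '/', and flags '..' segments, absolute paths and drive letters.
    Usable as a reverse-proxy or WAF rule while the plugin is unpatched.
    """
    hits = []
    for name, value in headers.items():
        if name.lower() not in TRAVERSAL_HEADERS:
            continue
        decoded = unquote(unquote(value)).replace("\\", "/")
        segments = decoded.split("/")
        if ".." in segments or decoded.startswith("/") or (len(decoded) > 1 and decoded[1] == ":"):
            hits.append(name)
    return sorted(hits)


def demo() -> dict:
    """Constructed site layout: a backups/ directory beside wp-config.php."""
    with tempfile.TemporaryDirectory() as site:
        backups = os.path.join(site, "backups")
        os.mkdir(backups)
        config = os.path.join(site, "wp-config.php")
        open(config, "w").close()
        hostile = "../wp-config.php"  # value an attacker would send in a header
        confined = delete_backup(backups, hostile, confine=True)
        survived = os.path.exists(config)
        unconfined = delete_backup(backups, hostile, confine=False)
        gone = not os.path.exists(config)
    return {"confined_deleted": confined, "config_survived": survived,
            "unconfined_deleted": unconfined, "config_gone": gone}


if __name__ == "__main__":
    print(demo())
    print(suspicious_headers({"Content-Name": "..%2F..%2Fwp-config.php"}))
```

The confinement check resolves both the base directory and the candidate with realpath before comparing, so a symlink dropped inside the backup directory cannot be used to point the deletion elsewhere; a plain string-prefix test on the unresolved path would miss that. The header check is a stopgap only: it blocks the obvious encodings, but the fix is the server-side confinement, which the 1.4.0 release is listed as providing.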
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| backupbliss | backup_migration | < 1.4.0 | 1.4.0 |
| inisev | backupbliss_backup_migration_with_free_cloud_storage | <= 1.3.9 | — |
VulDB
Backup Migration Plugin up to 1.3.9 on WordPress path traversal (ID 3012745)
vuldb · 2026-04-11 · CVSS 9.8
CVE-2023-6972 [CRITICAL] Backup Migration Plugin up to 1.3.9 on WordPress path traversal (ID 3012745)
A vulnerability was found in Backup Migration Plugin up to 1.3.9 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation leads to path traversal.
This vulnerability is referenced as CVE-2023-6972. Remote exploitation of the attack is possible. No exploit is available.
GHSA
GHSA-r363-9gh8-w82j: The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1
ghsa_unreviewed · 2023-12-23
CVE-2023-6972 [HIGH] CWE-22 GHSA-r363-9gh8-w82j: The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/backup-heart.php
https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/bypasser.php
https://plugins.trac.wordpress.org/changeset/3012745/backup-backup
https://www.wordfence.com/threat-intel/vulnerabilities/id/0a3ae696-f67d-4ed2-b307-d2f36b6f188c?source=cve