Vulnerability Description
The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Backupbliss | Backup Migration | >= 1.0.8, < 1.4.0 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/bacPatch
- https://plugins.trac.wordpress.org/changeset/3012745/backup-backupPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b380283c-0dbb-4d67-9f6PatchThird Party Advisory
- https://plugins.trac.wordpress.org/browser/backup-backup/tags/1.3.9/includes/bacPatch
- https://plugins.trac.wordpress.org/changeset/3012745/backup-backupPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b380283c-0dbb-4d67-9f6PatchThird Party Advisory
FAQ
What is CVE-2023-6971?
CVE-2023-6971 is a vulnerability with a CVSS score of 8.1 (HIGH). The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to i...
How severe is CVE-2023-6971?
CVE-2023-6971 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-6971?
Check the references section above for vendor advisories and patch information. Affected products include: Backupbliss Backup Migration.