CVE-2023-6553

CRITICAL EXPLOITED NUCLEI LAB

WordPress Backup Migration Plugin PHP Filter Chain RCE

Title source: metasploit

Description

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.

Exploits (7)

nomisec WORKING POC 80 stars
by Chocapikk · remote
https://github.com/Chocapikk/CVE-2023-6553
nomisec WORKING POC 4 stars
by motikan2010 · remote
https://github.com/motikan2010/CVE-2023-6553-PoC
nomisec WORKING POC 2 stars
by 0x00phantom-hat · poc
https://github.com/0x00phantom-hat/CVE-2023-6553-RCE-Exploit
nomisec WORKING POC 1 star
by Aliyankhan-source · poc
https://github.com/Aliyankhan-source/CVE-2023-6553-RCE-Fancy-Exploit
nomisec WORKING POC
by Harshit-Mashru · remote
https://github.com/Harshit-Mashru/CVE-2023-6553
nomisec WORKING POC
by cc3305 · remote
https://github.com/cc3305/CVE-2023-6553
metasploit WORKING POC EXCELLENT
by Nex Team, Valentin Lobstein, jheysel-r7 · ruby poc php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_backup_migration_php_filter.rb

Nuclei Templates (1)

WordPress Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
CRITICAL · by FLX
Shodan: http.html:/wp-content/plugins/backup-backup/
FOFA: body=/wp-content/plugins/backup-backup/

Scores

CVSS v3 9.8
EPSS 0.9301
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-12-16
CWE
CWE-94
Status published
Products (2)
backupbliss/backup_migration < 1.3.7
inisev/BackupBliss – Backup & Migration with Free Cloud Storage < 1.3.7
Published Dec 15, 2023
Tracked Since Feb 18, 2026