CVE-2023-7002

HIGH

Backup Migration < 1.3.9 - Authenticated OS Command Injection via URL Parameter

Title source: llm

Description

The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system.

Scores

CVSS v3 7.2
EPSS 0.4590
EPSS Percentile 98.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (2)
backupbliss/backup_migration < 1.4.0
inisev/BackupBliss – Backup & Migration with Free Cloud Storage < 1.3.9
Published Dec 23, 2023
Tracked Since Feb 18, 2026