WordPress Database Backup Plugin Prone to Vulnerability


A Metasploit remote code execution vulnerability was reported today in the WordPress database backup plugin.

Researchers from the Exploit-DB website say: “For the backup functionality, the plugin generates a mysqldump command
to execute. The user can choose specific tables to exclude from the backup
by setting the wp_db_exclude_table parameter in a POST request to the
wp-database-backup page. The names of the excluded tables are included in
the mysqldump command unsanitized. Arbitrary commands injected through the
wp_db_exclude_table parameter are executed each time the functionality
for creating a new database backup is run.”
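
The command-building pattern described in the quote, next to a hardened counterpart, as an added example that is not the plugin's own code. The function names, the use of mysqldump's `--ignore-table` option, the database name and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example, not the plugin's code. Function names, the database name
// and the sample inputs below are constructed for illustration.

// Vulnerable pattern: excluded table names are concatenated into the
// mysqldump command line without any sanitization.
function build_dump_command_unsafe(string $db, array $excluded): string
{
    $cmd = 'mysqldump ' . $db;
    foreach ($excluded as $table) {
        // The shell later receives this value exactly as the client sent it.
        $cmd .= ' --ignore-table=' . $db . '.' . $table;
    }
    return $cmd;
}

// Hardened pattern: accept only names that are real tables in this database
// (allowlist), then quote every argument before it reaches the shell.
function build_dump_command_safe(string $db, array $excluded, array $known_tables): string
{
    $cmd = 'mysqldump ' . escapeshellarg($db);
    foreach ($excluded as $table) {
        if (!is_string($table) || !in_array($table, $known_tables, true)) {
            continue; // not an existing table: drop it (and ideally log it)
        }
        $cmd .= ' ' . escapeshellarg('--ignore-table=' . $db . '.' . $table);
    }
    return $cmd;
}

// Constructed table list, as it might be read from the database.
$known = ['wp_posts', 'wp_users', 'wp_options'];

// Constructed request value: one valid name, one carrying a shell metacharacter.
$excluded = ['wp_users', 'wp_options; echo INJECTED'];

// The unsafe builder carries the second entry into the command verbatim;
// the safe builder keeps only the entry that matches an existing table.
echo build_dump_command_unsafe('wordpress', $excluded), PHP_EOL;
echo build_dump_command_safe('wordpress', $excluded, $known), PHP_EOL;
```

Only command strings are built and printed; nothing is executed. Comparing the two printed lines shows which input survives into the command in each case.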

An update for this plugin is available that fixes the issue.
Apply it quickly, before it is too late to secure your website.

