WordPress Plugin Database backup prone of vulnerability

0

WordPress Plugin database backup reported today as vulnerability of Metasploit remote code execution.

Researchers from Exploitdb web says then: ” For the backup functionality, the plugin generates a mysqldump command
to execute. The user can choose specific tables to exclude from the backup
by setting the wp_db_exclude_table parameter in a POST request to the
wp-database-backup page. The names of the excluded tables are included in
the mysqldump command unsanitized. Arbitrary commands injected through the
wp_db_exclude_table parameter are executed each time the functionality
for creating a new database backup are run.”

To fix this issues update for this plugins is available.
Do it fast before will be so late to secure your website.

LEAVE A REPLY

Please enter your comment!
Please enter your name here