The WordPress plugin Database Backup was reported today as vulnerable to remote code execution (Metasploit).
Researchers on the Exploit-DB website say: “For the backup functionality, the plugin generates a
to execute. The user can choose specific tables to exclude from the backup
by setting the
wp_db_exclude_table parameter in a POST request to the
wp-database-backup page. The names of the excluded tables are included in
mysqldump command unsanitized. Arbitrary commands injected through the
wp_db_exclude_table parameter are executed each time the functionality
for creating a new database backup is run.”
An update for this plugin that fixes the issue is available.
Install it promptly, before it is too late to secure your website.
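
The pattern the advisory describes, shown next to a hardened version, as an added PHP example that is not the plugin's own code. The function names, the `wpdb` database name, the table list and the use of mysqldump's `--ignore-table` option are assumptions made for illustration.

```php
<?php
// Added example with hypothetical helper names; not the plugin's actual code.

// Vulnerable pattern from the advisory: request-supplied table names are
// concatenated into a shell command string without any sanitization.
function build_dump_command_unsafe(string $db, array $excluded): string
{
    $cmd = 'mysqldump ' . $db;
    foreach ($excluded as $table) {
        // Shell metacharacters in $table pass straight into the command line.
        $cmd .= ' --ignore-table=' . $db . '.' . $table;
    }
    return $cmd;
}

// Hardened pattern: accept only names that really exist in the database
// (allowlist), then quote every argument so the shell sees one word each.
function build_dump_command_safe(string $db, array $excluded, array $known_tables): string
{
    $cmd = 'mysqldump ' . escapeshellarg($db);
    foreach ($excluded as $table) {
        if (!is_string($table) || !in_array($table, $known_tables, true)) {
            throw new InvalidArgumentException('Unknown table in exclude list');
        }
        $cmd .= ' ' . escapeshellarg('--ignore-table=' . $db . '.' . $table);
    }
    return $cmd;
}

// Constructed sample data (stand-ins for the POSTed wp_db_exclude_table value).
$known   = ['wp_posts', 'wp_options', 'wp_users'];
$benign  = ['wp_options'];
$hostile = ['wp_options; echo INJECTED']; // constructed value with a shell metacharacter

// Unsafe builder: the text after ";" would run as a second shell command.
echo build_dump_command_unsafe('wpdb', $hostile), PHP_EOL;

// Safe builder: a known table is quoted, an unknown value is refused outright.
echo build_dump_command_safe('wpdb', $benign, $known), PHP_EOL;
try {
    build_dump_command_safe('wpdb', $hostile, $known);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Checking the exclude list against the tables that actually exist is the stronger of the two controls; the quoting is a second layer in case a value reaches the command builder by another path.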