The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-12-23T01:59:46.751Z

Updated: 2024-08-02T08:50:06.839Z

Reserved: 2023-12-20T01:43:10.286Z

Link: CVE-2023-6972

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-23T02:15:45.333

Modified: 2024-11-21T08:44:57.187

Link: CVE-2023-6972

cve-icon Redhat

No data.