WordPress Plugin Vulnerabilities

Backup Migration 1.0.8 - 1.3.9 - Remote File Inclusion via content-dir

Description

The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP.

Affects Plugins

Plugin icon
backup-backup
Fixed in 1.4.0

References

CVE
CVE-2023-6971
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/b380283c-0dbb-4d67-9f66-cb7c400c0427

Classification

Type
RFI
OWASP top 10
A1: Injection
CWE
CWE-98
CVSS
8.1 (high)

Miscellaneous

Original Researcher
Hiroho Shimada
Verified
No
WPVDB ID
9819c6d8-f805-426f-b20b-e6a38715a273

Timeline

Publicly Published
2023-12-22 (about 2 years ago)
Added
2023-12-22 (about 2 years ago)
Last Updated
2026-05-12 (about 20 hours ago)

Other

Published
Title
Published
2025-07-01
Title
WP Travel Gutenberg Blocks < 3.9.1 - Unauthenticated Local File Inclusion
Published
2025-03-17
Title
LinkedIn Lite <= 1.0 - Unauthenticated Local File Inclusion
Published
2026-01-13
Title
Laurent <= 3.1 - Authenticated (Contributor+) Local File Inclusion
Published
2024-10-14
Title
Dynamic Elementor Addons <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion
Published
2026-03-10
Title
Emaurri < 1.5 - Unauthenticated Local File Inclusion