edit-icon download-icon

[Vulnerability notice] Arbitrary file download vulnerability in the Wordpress DB Backup plug-in

Last Updated: Nov 23, 2017

Description

The Wordpress DB Backup plug-in has a severe security vulnerability that may allow hackers to remotely download any file from the server.

Attackers may also construct malicious requests to download sensitive files from the server, and further embed website webshell files to control the website server host.

Affected versions

Wordpress DB Backup <= 4.5

Fix

Go to the Wordpress management backend and update the Wordpress DB Backup plug-in to the latest version.

Thank you! We've received your feedback.