A high-severity vulnerability has been identified in the All-in-One WP Migration and Backup plugin, which is installed on over 5 million WordPress sites. This vulnerability allows unauthenticated attackers to inject a PHP object through the ‘replace_serialized_values’ function, potentially leading to arbitrary file deletion, data retrieval, or code execution. Exploitation requires an administrator to export and restore a backup using the plugin.
Recommended Actions:
• Update the Plugin: Ensure that your All-in-One WP Migration and Backup plugin is updated to the latest version (7.90 or later) to patch this vulnerability.
• Alternative Plugins: If you prefer to switch plugins, consider using UpdraftPlus, a popular WordPress backup and migration plugin known for its reliability and comprehensive features.
Regularly updating plugins and themes is crucial for maintaining website security.
Recent Comments