WordPress Vulnerability Fix

If your organization is one of the millions that uses WordPress for hosting its websites, take heed to a recently discovered vulnerability with the Backup Migration WordPress plug-in, which has more than 90,000 installs. This vulnerability lets attackers inject and execute arbitrary PHP code to cause remote control execution (RCE) to completely take over your website. An update to fix the plugin flaw is available at https://wordpress.org/plugins/backup-backup/ . You should be using version 1.3.8 or above to address this concern.

This is another reminder to make sure patch and vulnerability management is happening on all fronts for your organization. Vulnerabilities are frequently discovered with WordPress core software and plugins, so make sure you include them! We should also note that it is also possible to enable automatic updates which may make sense for many institutions, and should make the patching process hands off.

Authored by: Brad Goetsch