December 14, 2023

WordPress Vulnerability Fix

If your organization is one of the millions that use WordPress to host its websites, take heed of a recently discovered vulnerability in the Backup Migration WordPress plugin, which has more than 90,000 installs. The vulnerability lets attackers inject and execute arbitrary PHP code, resulting in remote code execution (RCE) and a complete takeover of your website. An update that fixes the plugin flaw is available at https://wordpress.org/plugins/backup-backup/. You should be running version 1.3.8 or above to address this concern.

This is another reminder to make sure patch and vulnerability management is happening on all fronts for your organization. Vulnerabilities are frequently discovered in WordPress core software and plugins, so make sure you include them! It is also possible to enable automatic updates, which may make sense for many institutions and should make the patching process hands-off.
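To check a server against the version guidance above, the following script (an added example, not part of the original post) reads the installed plugin's `Version:` header and compares it with 1.3.8. It assumes the default `wp-content/plugins` layout and GNU `sort -V`; the function names and the script name are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag Backup Migration installs
# older than the fixed release. Assumes the default wp-content/plugins layout.
FIXED_VERSION="1.3.8"        # minimum version the post says to run
PLUGIN_SLUG="backup-backup"  # slug from the wordpress.org URL in the post

# Print the "Version:" header found in the plugin's top-level PHP files.
plugin_version() {
  local dir f v
  dir="$1"
  for f in "$dir"/*.php; do
    [ -f "$f" ] || continue
    # WordPress reads plugin headers from the first 8 KB of a file.
    v=$(head -c 8192 "$f" |
        sed -n 's/^[[:space:]*#@]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*/\1/p' |
        head -n 1)
    if [ -n "$v" ]; then printf '%s\n' "$v"; return 0; fi
  done
  return 1
}

# Succeed when version $1 is strictly lower than $2 (needs GNU sort -V).
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print "<status> <wordpress-root> <version>" for one WordPress root.
check_site() {
  local root dir ver
  root="$1"
  dir="$root/wp-content/plugins/$PLUGIN_SLUG"
  if [ ! -d "$dir" ]; then echo "not-installed $root -"; return 0; fi
  if ! ver=$(plugin_version "$dir"); then echo "unknown $root -"; return 0; fi
  if version_lt "$ver" "$FIXED_VERSION"; then
    echo "VULNERABLE $root $ver"
  else
    echo "ok $root $ver"
  fi
}

# Usage: ./check-backup-migration.sh /var/www/site1 /var/www/site2
for root in "$@"; do
  check_site "$root"
done
```

Where WP-CLI is available, `wp plugin update backup-backup` applies the fix and `wp plugin auto-updates enable backup-backup` turns on automatic updates for this plugin.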


Authored by: Brad Goetsch
