cleantalk
Vulnerabilities and Security Researches

Backup Migration, CVE-2023-6553

CVE, Research URL

CVE-2023-6553

Home page URL

Security reports for Backup Migration

Application

Backup Migration

Published on
Dec 15, 2023
Research Description
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.
Affected versions
max 1.3.8.
Status
vulnerable
Previous vulnerability researches
Backup Migration , Apr 23, 2026
Backup Migration (CVE-2025-12394) , Dec 10, 2025
Backup Migration (CVE-2026-39480) , Apr 27, 2026
Backup Migration (CVE-2024-10932) , Jan 05, 2025
Backup Migration (CVE-2023-38514) , Jan 05, 2025
New vulnerability
IDPay Payment Gateway for Woocommerce (CVE-2026-34891) , Apr 27, 2026
Doppler Forms (CVE-2025-9544) , Apr 27, 2026
Acclectic Media Organizer (CVE-2025-48326) , Apr 27, 2026
Contact Form 7 reCAPTCHA (CVE-2025-8280) , Apr 27, 2026
Backup Migration (CVE-2026-39480) , Apr 27, 2026