Vulnerabilities > Backupbliss > Backup Migration > 1.3.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-23 | CVE-2023-6971 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Backupbliss Backup Migration The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. | 9.8 |
| 2023-12-23 | CVE-2023-6972 | Path Traversal vulnerability in Backupbliss Backup Migration The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. | 9.8 |
| 2023-12-23 | CVE-2023-7002 | OS Command Injection vulnerability in Backupbliss Backup Migration The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. | 7.2 |
| 2023-12-15 | CVE-2023-6553 | Unspecified vulnerability in Backupbliss Backup Migration The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. | 9.8 |