WP Backup Plugin CVE AUG 2023
Be informed about the latest WP Backup Plugin CVE AUG 2023, identified and reported publicly. It is a +467% INCREASE compared to previous month, as specifically targeted backup strategies. Consider for your online safety, a WP/Woo DISASTER RECOVERY AUDIT, – OR – switching with a TOP10LIST alternative WP Backup Plugin – OR – Hire professionals for tailored WP Backup.
What is CVE?
TLDR: the details on how to hack a specific software is made public, forcing the vendor to provide a solution (patch or upgrade), that closes that specific vulnerability.
CVE is short for Common Vulnerabilities and Exposures. The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. Read more on wikipedia.org: Common Vulnerabilities and Exposures, Common Vulnerability Scoring System, Common Weakness Enumeration.
If you are serious about your business, then you need to pay attention because your backup is the most crucial factor when disaster hits your WordPress. The following cases made headlines PUBLICLY just last month in the WP Backup Plugin CVE AUG 2023 category:
Restore everything you need, every time you need it, quickly for your peaceful digital life and your domain! No more: hidden storage costs, paid restore procedures, unavailable or broken archives.
| Advanced Custom Fields options import/export | Cross-Site Scripting (XSS) |
| Advanced Database Replacer | Cross-Site Scripting (XSS) |
| AWS S3 for WordPress Plugin – Upcasted | Cross-Site Scripting (XSS) |
| azw woocommerce file uploads | Cross-Site Scripting (XSS) |
| Backup Bolt | Cross-Site Scripting (XSS) |
| Backup Migration | Cross-Site Request Forgery (CSRF) on handle_installation function |
| Backup Migration | Missing Authorization (BAC) on handle_installation function |
| BotMate – Automate or Sync Your Sites With No Code | Cross-Site Scripting (XSS) |
| BuddyDrive | Cross-Site Scripting (XSS) |
| Bulk Attachment Download | Cross-Site Scripting (XSS) |
| Bulk Edit and Create User Profiles – WP Sheet Editor | Cross-Site Scripting (XSS) |
| Clone | Cross-Site Request Forgery (CSRF) on handle_installation function |
| Clone | Missing Authorization (BAC) on handle_installation function |
| Contact Form DB Divi | Cross-Site Scripting (XSS) |
| Database Table Overview and Logs | Cross-Site Scripting (XSS) |
| Date Picker by Input WP – Sync bookings with external Calendars (.ics) | Cross-Site Scripting (XSS) |
| Delete Duplicate Posts | Cross-Site Scripting (XSS) |
| DeMomentSomTres WordPress Export Posts With Images | Cross-Site Scripting (XSS) |
| Duplicate Post | Cross-Site Request Forgery (CSRF) on handle_installation function |
| Duplicate Post | Missing Authorization (BAC) on handle_installation function |
| Duplicate Variations for Woocommerce | Cross-Site Scripting (XSS) |
| eaSYNC | Cross-Site Scripting (XSS) |
| Embed Docs – Elementor Files Addon,Elementor Docs Addon,Embed PDF, Word, PowerPoint and Excel Files in Gutenberg & Elementor | Cross-Site Scripting (XSS) |
| Files Download Delay | Cross-Site Scripting (XSS) |
| Form Vibes – Database Manager for Forms | Cross-Site Scripting (XSS) |
| Import Export WordPress Users | Missing Authorization (BAC)to Arbitrary User Password Change |
| Import Holded for WooCommerce or Easy Digital Downloads | Cross-Site Scripting (XSS) |
| Import Social Statistics | Cross-Site Scripting (XSS) |
| Integrate Google Drive | Cross-Site Scripting (XSS) |
| Integrate Google Drive | Unauthenticated Broken Access Control (BAC) |
| Market Exporter | Cross-Site Scripting (XSS) |
| Migrate WordPress Website & Backups – Prime Mover | Cross-Site Scripting (XSS) |
| Optimize Database after Deleting Revisions | Cross-Site Request Forgery (CSRF) |
| Remove Duplicate Posts | Broken Access Control (BAC) |
| Remove Duplicate Posts | Cross-Site Scripting (XSS) |
| Shared Files | Cross-Site Scripting (XSS) |
| Shortcode IMDB | Cross-Site Request Forgery (CSRF) |
| SQL Reporting Services – SSRS Plugin for WordPress | Cross-Site Scripting (XSS) |
| Sync eCommerce NEO | Cross-Site Scripting (XSS) |
| Sync to Etsy Marketplace from WooCommerce | Cross-Site Scripting (XSS) |
| Table & Contact Form 7 Database – Tablesome – Data Table & Contact Form 7 Database (CFDB7) Plugin | Cross-Site Scripting (XSS) |
| TreePress – Easy Family Trees & Ancestor Profiles | Cross-Site Scripting (XSS) |
| WordPress WooCommerce Sync for Google Sheet | Cross-Site Scripting (XSS) |
| WPAdmin AWS CDN | Cross-Site Request Forgery (CSRF) |
| WP Clone Menu | Broken Access Control (BAC) |
| WP Data Access | Cross-Site Scripting (XSS) |
| WP Database Administrator | Unauthenticated SQL Injection (SQLi) |
| WPEventPartners Demo Import | Cross-Site Scripting (XSS) |
| WPGutenBlog Demo Import | Cross-Site Scripting (XSS) |
| WPHobby Demo Import | Cross-Site Scripting (XSS) |
| WP Smart Export (Free) | Cross-Site Scripting (XSS) |
| WP Backup Plugin CVE (public vulnerabilities) reported in 2023 so far | 104 |
Automated full files + DB copies; stored locally, on premise or in the cloud, with any owl WordPress Backup task. Tailored to your needs at your scheduled intervals, and safely kept as long as you want it.
As a business, you cannot afford to lose your website data even for a single day. A major data loss can happen due to various reasons, including Human Error, Website Hack, Natural Disasters, Server Crash and Failure or Unsuccessful Updates.
Do you have control over when or how backups are taken and where they are stored? Are they trustworthy? Maybe you depend on a non-existent lifeline!
Why Is WordPress BACKUP Crucial?
A reliable backup solution ensures that you, as the WordPress owner, don’t have to conduct backups yourself nor worry about losing any data or tinker with restore procedures. Any backup solution must be comprehensive, meaning that it should take backups of both your website files and your database. This ensures that you have the complete backup package WHEN you need to restore a failed website.
Incremental Backups?
Taking a daily backup of your entire website data can use a lot of resources from your web server by eating up pricey resources and bandwidth. Also, backups are a very server-intensive process, recurrent backups can impact your server performance and the storage space available for keeping backups.
Scheduled or On-demand Backups?
Both! Always both! A scheduled backup is an automated backup process, without any human intervention. Scheduled at fixed intervals (daily, weekly, or monthly) depending on your recovery plan. Manual backup is a long and time-consuming process. Yet, it is highly justified, when major changes are implemented or not so trustworthy persons handle your WordPress.
What is Vulnerability Knowledge?
As time passes, vulnerabilities are discovered in your plugins, theme and the version of WordPress core you are using. Those vulnerabilities (or Security holes) ALWAYS become public knowledge sooner rather, than later.
Your business niche demands competitiveness! Your business niche demands stability! Your competition targets your website almost constantly!
