The Backup Migration plugin for WordPress has a flaw that allows attackers via the /includes/backup-heart.php file to remotely execute code on a website in all versions up to and including v1.3.7. This makes it possible for unauthenticated attackers to easily execute code on the server. Wordfence blocked 39 attacks targeting this vulnerability in the past […]