This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress plugin Backup Guard versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP type. Then, the uploaded payload can be triggered by a call to /wp-content/uploads/backup-guard/.php.

You May Also Like

Zeppelin ransomware gang is back after a temporary pause

Operators behind the Zeppelin ransomware-as-a-service (RaaS) have resumed their operations after a…

Wiregrass Electric Cooperative hit by a ransomware attack

Wiregrass Electric Cooperative, a rural Alabama electric cooperative was hit by a…