CVE-2023-6553: 
WordPress vulnerability analysis and mitigation

CVE-2023-6553 affects the Backup Migration plugin for WordPress in all versions up to and including 1.3.7. The vulnerability, discovered by the Nex Team and reported to Wordfence, allows unauthenticated attackers to execute arbitrary code on the server through the /includes/backup-heart.php file (Wordfence Advisory, Security Online).

The vulnerability stems from an attacker's ability to control values passed to an include statement in the backup-heart.php file. The flaw has received a CVSS score of 9.8 (Critical), indicating its severe nature. The vulnerability allows unauthenticated attackers to execute arbitrary commands on the server in the security context of the WordPress instance (WPScan).

The vulnerability affects over 90,000 WordPress websites and allows attackers to gain complete control of affected websites. Successful exploitation enables unauthenticated attackers to execute arbitrary code on the server, potentially leading to full website compromise (Security Online).

Website administrators are strongly advised to update the Backup Migration plugin to version 1.3.8 or later, which patches the vulnerability. Additional security measures include backing up website data, changing WordPress login credentials, and regularly scanning the website for vulnerabilities (Security Online).