Description
The Backup Migration plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.9 via the 'content-backups' and 'content-name', 'content-manifest', or 'content-bmitmp' and 'content-identy' HTTP headers. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
Remediation
References
Related Vulnerabilities
WordPress Plugin Social Sharing-Kiwi Security Bypass (2.1.0)
MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-0363)
WordPress Plugin Responsive Image Slider, Photo Gallery And Carousel Security Bypass (1.3.5)
WordPress Plugin Last.fm Rotation Local File Inclusion (1.0)