On May 28th, a critical OS Command Injection vulnerability affecting the WP-Database-Backup plugin was disclosed to the public by the Wordfence team. This is a very nasty bug which made it possible for a bad actor to gain full control of affected websites — with over 70,000 reported active installs.
Are You Affected?
On April 30th, version 5.2 was released, patching this vulnerability. If any of your websites use an older version, they’re vulnerable.