On May 28th, a critical OS Command Injection vulnerability affecting the WP-Database-Backup plugin was disclosed to the public by the Wordfence team. This is a very nasty bug which made it possible for a bad actor to get full control of affected websites — with over 70,000 reported active installs.
Are you Affected?
This vulnerability was patched with version 5.2, which was released on April 30th. If any of your websites use an older version, it is vulnerable.
Source: Scuri check