The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. An attacker can control the values passed to an include statement, leveraging that to achieve remote code execution. This vulnerability allows unauthenticated attackers to execute code on the server easily