CVE-2022-2442

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper...

WordPress plugin Migration, Backup, Staging – WPvivid 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Migration,...

PT-2022-16685 · WordPress · Wpvivid

Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress versions up to, and including 0.9.74 Description: The issue allows deserialization of untrusted input via the path parameter. This enables authenticated attackers with administrative...

WordPress WPvivid Backup Plugin <= 0.9.74 - Authenticated PHAR Deserialization vulnerability

Authenticated PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in WPvivid Backup plugin versions = 0.9.74 Solution Update the WordPress WPvivid Backup and Migration plugin to the latest available version at least 0.9.75...

Template Injection in jsrender

Affected versions of jsrender are susceptible to a remote code execution vulnerability when used with server delivered client-side tempates which dynamically embed user input. Proof of Concept js //POC-REQUEST for x!=1?constructor.constructor"return arguments.callee.caller":y10 :data /for js...