WPvivid Backup & Migration <= 0.9.123 - Arbitrary File Upload

WPvivid Backup & Migration plugin for WordPress = 0.9.123 contains an unauthenticated arbitrary file upload vulnerability caused by improper error handling in RSA decryption and lack of path sanitization, letting unauthenticated attackers upload arbitrary PHP files and achieve remote code executi...

Exploit for CVE-2026-1357

PoC CVE-2026-1357: WPvivid Backup & Migration The Migration...

📄 WordPress WPvivid Backup and Migration 0.9.123 Shell Upload

A critical vulnerability in the WPvivid Backup and Migration plugin for WordPress allows unauthenticated attackers to upload arbitrary files, potentially resulting in remote code execution. The issue stems from a cryptographic fail‑open condition combined with insufficient file path validation...

WordPress plugin Migration, Backup, Staging – WPvivid Backup & Migration 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

PT-2026-7477

Name of the Vulnerable Software and Affected Versions Migration, Backup, Staging – WPvivid Backup & Migration versions prior to 0.9.124 Description The plugin is subject to an unauthenticated arbitrary file upload that can lead to remote code execution and full site takeover. This issue affects...