194 matches found
WordPress WPvivid Backup <0.9.76 - Local File Inclusion
WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server. id: CVE-2022-2863 info: name: WordPress...
WordPress WPvivid Backup & Migration Plugin <= 0.9.116 - Authenticated Arbitrary File Upload
The Migration, Backup, Staging β WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvividuploadimportfiles' function in all versions up to, and including, 0.9.116. id: CVE-2025-5961 info: name: WordPress WPvivid...
WPvivid Backup & Migration <= 0.9.123 - Arbitrary File Upload
WPvivid Backup & Migration plugin for WordPress = 0.9.123 contains an unauthenticated arbitrary file upload vulnerability caused by improper error handling in RSA decryption and lack of path sanitization, letting unauthenticated attackers upload arbitrary PHP files and achieve remote code executi...
CVE-2026-15283 WPvivid Backup for MainWP <= 0.9.33 - Authenticated (Admin+) Stored Cross-Site Scripting
The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2026-15283
The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2025-12656
The Migration, Backup, Staging β WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the deletecancelstagingsite function in all versions up to, and including, 0.9.128. This makes it possible for authenticated...
CVE-2025-12656 Migration, Backup, Staging β WPvivid Backup & Migration <= 0.9.128 - Authenticated (Admin+) Arbitrary Directory Deletion
The Migration, Backup, Staging β WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the deletecancelstagingsite function in all versions up to, and including, 0.9.128. This makes it possible for authenticated...
PT-2026-47066
Name of the Vulnerable Software and Affected Versions WPvivid Backup & Migration versions prior to 0.9.129 Description The Migration, Backup, Staging β WPvivid Backup & Migration plugin for WordPress allows authenticated attackers with Administrator-level access and above to delete arbitrary...
π WordPress WPvivid 0.9.123 Arbitrary File Write
This Metasploit module exploits an unauthenticated arbitrary file write vulnerability in the WPvivid Backup plugin used in WordPress websites. The vulnerability allows an attacker to send a specially crafted encrypted payload to the vulnerable endpoint using the parameter wpvividaction=sendtosite...
Exploit for CVE-2026-1357
𧨠CVE-2026-1357 β WPvivid Null-Key Exploit Tool CVE-2026-135...
π WordPress WPvivid Backup and Migration 0.9.123 Shell Upload
A critical vulnerability in the WPvivid Backup and Migration plugin for WordPress allows unauthenticated attackers to upload arbitrary files, potentially resulting in remote code execution. The issue stems from a cryptographic failβopen condition combined with insufficient file path validation...
Exploit for CVE-2026-1357
CVE-2026-1357 β WPvivid Backup & Migration RCE CVE Credit...
Exploit for CVE-2026-1357
CVE-2026-1357 β WPvivid Backup & Migration RCE Unauthentica...
Exploit for CVE-2026-1357
CVE-2026-1357 WPvivid Backup & Migration RCE PoC Discovered...
CVE-2026-1357
The Migration, Backup, Staging β WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when...
CVE-2026-1357 Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload
The Migration, Backup, Staging β WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when...
CVE-2026-1357 Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload
The Migration, Backup, Staging β WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when...
CVE-2026-1357
The Migration, Backup, Staging β WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when...
800,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in WPvivid Backup WordPress Plugin
On January 12th, 2026, we received a submission for an Arbitrary File Upload vulnerability in WPvivid Backup, a WordPress plugin with more than 800,000 active installations. This vulnerability can be used by unauthenticated attackers to upload arbitrary files to a vulnerable site and achieve remo...
PT-2026-7477
Name of the Vulnerable Software and Affected Versions Migration, Backup, Staging β WPvivid Backup & Migration versions prior to 0.9.124 Description The plugin is subject to an unauthenticated arbitrary file upload that can lead to remote code execution and full site takeover. This issue affects...