WPvivid Backup & Migration <= 0.9.123 - Arbitrary File Upload

WPvivid Backup & Migration plugin for WordPress = 0.9.123 contains an unauthenticated arbitrary file upload vulnerability caused by improper error handling in RSA decryption and lack of path sanitization, letting unauthenticated attackers upload arbitrary PHP files and achieve remote code executi...

WordPress WPvivid Backup <0.9.76 - Local File Inclusion

WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server. id: CVE-2022-2863 info: name: WordPress...

WordPress WPvivid Backup & Migration Plugin <= 0.9.116 - Authenticated Arbitrary File Upload

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvividuploadimportfiles' function in all versions up to, and including, 0.9.116. id: CVE-2025-5961 info: name: WordPress WPvivid...

CVE-2025-12656

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the deletecancelstagingsite function in all versions up to, and including, 0.9.128. This makes it possible for authenticated...

CVE-2025-12656 Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.128 - Authenticated (Admin+) Arbitrary Directory Deletion

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the deletecancelstagingsite function in all versions up to, and including, 0.9.128. This makes it possible for authenticated...

PT-2026-47066

Name of the Vulnerable Software and Affected Versions WPvivid Backup & Migration versions prior to 0.9.129 Description The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress allows authenticated attackers with Administrator-level access and above to delete arbitrary...

📄 WordPress WPvivid 0.9.123 Arbitrary File Write

This Metasploit module exploits an unauthenticated arbitrary file write vulnerability in the WPvivid Backup plugin used in WordPress websites. The vulnerability allows an attacker to send a specially crafted encrypted payload to the vulnerable endpoint using the parameter wpvividaction=sendtosite...

Exploit for CVE-2026-1357

🧨 CVE-2026-1357 – WPvivid Null-Key Exploit Tool CVE-2026-135...

📄 WordPress WPvivid Backup and Migration 0.9.123 Shell Upload

A critical vulnerability in the WPvivid Backup and Migration plugin for WordPress allows unauthenticated attackers to upload arbitrary files, potentially resulting in remote code execution. The issue stems from a cryptographic fail‑open condition combined with insufficient file path validation...

Exploit for CVE-2026-1357

CVE-2026-1357 — WPvivid Backup & Migration RCE CVE Credit...

Exploit for CVE-2026-1357

CVE-2026-1357 — WPvivid Backup & Migration RCE Unauthentica...

Exploit for CVE-2026-1357

CVE-2026-1357 WPvivid Backup & Migration RCE PoC Discovered...

CVE-2026-1357

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when...

CVE-2026-1357 Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when...

CVE-2026-1357

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when...

CVE-2026-1357 Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when...

800,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in WPvivid Backup WordPress Plugin

On January 12th, 2026, we received a submission for an Arbitrary File Upload vulnerability in WPvivid Backup, a WordPress plugin with more than 800,000 active installations. This vulnerability can be used by unauthenticated attackers to upload arbitrary files to a vulnerable site and achieve remo...

PT-2026-7477

Name of the Vulnerable Software and Affected Versions Migration, Backup, Staging – WPvivid Backup & Migration versions prior to 0.9.124 Description The plugin is subject to an unauthenticated arbitrary file upload that can lead to remote code execution and full site takeover. This issue affects...

WordPress WPvivid Backup & Migration plugin <= 0.9.120 - Authenticated (Admin+) Arbitrary Directory Creation vulnerability

Authenticated Admin+ Arbitrary Directory Creation vulnerability discovered by blue0x1 in WordPress Plugin WPvivid Backup and Migration versions = 0.9.120...

CVE-2025-12654

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the checkfilesystempermissions function not properly restricting the directories that can be created, or in...