cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-36842,https://securityvulnerability.io/vulnerability/CVE-2020-36842,Arbitrary File Upload Vulnerability in WPvivid Plugin,"The WPvivid Backup Plugin for WordPress is susceptible to an arbitrary file upload vulnerability because it lacks adequate capability checks on specific AJAX actions. This issue permits low-level authenticated users to upload zip files, which can be extracted on the server, potentially compromising the site. This vulnerability affects all versions up to and including 0.9.35, posing significant risks to the security of WordPress installations utilizing this plugin.",Wordpress,"Migration, Backup, Staging – WPvivid",8.8,HIGH,0.0006399999838322401,false,,false,false,false,,false,false,2024-10-16T07:31:53.613Z,0
CVE-2020-36835,https://securityvulnerability.io/vulnerability/CVE-2020-36835,Sensitive Information Disclosure Vulnerability in WPvivid Plugin,"The WPvivid Backup Plugin for WordPress has a security vulnerability that permits the disclosure of sensitive information stored within the WordPress database. This weakness arises from inadequate capability checks on the wp_ajax_wpvivid_add_remote AJAX action, allowing authenticated users with low-level permissions to transmit backups to any remote location. Consequently, those attackers could potentially access sensitive data from the WordPress site, thereby compromising the integrity and confidentiality of the stored information.
Versions of the plugin up to and including 0.9.35 are impacted.",Wordpress,"Migration, Backup, Staging – WPvivid",4.9,MEDIUM,0.0005799999926239252,false,,false,false,false,,false,false,2024-10-16T06:43:36.927Z,0
CVE-2024-3054,https://securityvulnerability.io/vulnerability/CVE-2024-3054,Untrusted Input Vulnerability in WPvivid Backup & Migration Plugin for WordPress Allows Deserialization of Arbitrary PHP Objects,"The WPvivid Backup & Migration Plugin for WordPress contains a vulnerability stemming from improper path validation on the tree_node[node][id] parameter. This flaw allows authenticated attackers with admin-level access to exploit the deserialization of untrusted input through a PHAR wrapper. If the attacker combines this vulnerability with a potentially present PHP Object Pollution (POP) chain from other plugins or themes, they can execute arbitrary code, delete files, or extract sensitive information from the affected system.",Wordpress,"Migration, Backup, Staging – WPvivid",7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-12T09:30:15.475Z,0
CVE-2024-1981,https://securityvulnerability.io/vulnerability/CVE-2024-1981,Unauthenticated SQL Injection Vulnerability in WPvivid Plugin,"The WPvivid Backup and Migration Plugin for WordPress, particularly in version 0.9.68, has a significant SQL Injection vulnerability linked to the 'table_prefix' parameter. This security flaw arises from inadequate escaping of user input and poor handling of SQL query preparation. As a result, unauthenticated attackers can manipulate existing SQL queries by injecting their own, potentially allowing them to extract sensitive information stored within the database.
Website administrators using this plugin should take immediate steps to secure their applications and mitigate the risks associated with this vulnerability.",Wordpress,"Migration, Backup, Staging – WPvivid",9.1,CRITICAL,0.0008299999753944576,false,,false,false,false,,false,false,2024-02-29T06:47:57.610Z,0
CVE-2024-1982,https://securityvulnerability.io/vulnerability/CVE-2024-1982,Unauthorized Access Vulnerability in WPvivid Plugin Could Lead to SQL Injection or DoS,"The WPvivid Backup and Migration plugin for WordPress has a flaw that permits unauthorized access due to a lack of proper capability checks in its get_restore_progress() and restore() functions. This vulnerability affects all versions up to and including 0.9.68. As a result, unauthorized users can exploit this weakness, potentially leading to SQL injection attacks or triggering denial-of-service conditions that could disrupt normal operations.",Wordpress,"Migration, Backup, Staging – WPvivid",9.1,CRITICAL,0.0007600000244565308,false,,false,false,false,,false,false,2024-02-29T06:47:56.555Z,0
CVE-2023-4637,https://securityvulnerability.io/vulnerability/CVE-2023-4637,Unauthorized Access to Data in WPvivid Plugin Due to Missing Capability Check,"The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94.
This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID.",Wordpress,"Migration, Backup, Staging – WPvivid",4.3,MEDIUM,0.0014400000218302011,false,,false,false,false,,false,false,2024-02-05T21:21:59.862Z,0
CVE-2023-5121,https://securityvulnerability.io/vulnerability/CVE-2023-5121,Stored Cross-Site Scripting in WPvivid Plugin for WordPress,"The WPvivid Backup Plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping in the admin settings—specifically the backup path parameter. This flaw affects versions up to and including 0.9.89, enabling authenticated attackers with administrator-level permissions to inject arbitrary scripts. The injected scripts can execute whenever a user visits a compromised page. Notably, this vulnerability impacts multi-site installations and those configurations where unfiltered_html has been disabled.",Wordpress,"Migration, Backup, Staging – WPvivid",4.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-10-20T08:15:00.000Z,0
CVE-2023-5576,https://securityvulnerability.io/vulnerability/CVE-2023-5576,Sensitive Information Exposure in WPvivid Plugin for WordPress,"The WPvivid Backup, Staging, Migration plugin for WordPress suffers from a sensitive information exposure vulnerability. In versions up to and including 0.9.91, the plugin stores Google Drive API secrets in plaintext within its publicly accessible source code. This potentially allows unauthorized individuals to impersonate the WPvivid Google Drive account if users can be tricked into reauthenticating through social engineering or another attack vector.
Addressing this issue is crucial to prevent unauthorized access to sensitive data.",Wordpress,"Migration, Backup, Staging – WPvivid",9.3,CRITICAL,0.0012700000079348683,false,,false,false,false,,false,false,2023-10-20T07:15:00.000Z,0
CVE-2023-5120,https://securityvulnerability.io/vulnerability/CVE-2023-5120,Stored Cross-Site Scripting Vulnerability in WPvivid Plugin for WordPress,"The WPvivid Backup Plugin for WordPress is prone to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping in the image file path parameter. This flaw allows authenticated attackers with administrative access to execute arbitrary scripts on affected pages, potentially compromising user sessions and enabling further attacks. It is critical for users running versions up to and including 0.9.89 to apply updates promptly to mitigate risks.",Wordpress,"Migration, Backup, Staging – WPvivid",4.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-10-20T07:15:00.000Z,0
CVE-2023-4274,https://securityvulnerability.io/vulnerability/CVE-2023-4274,Directory Traversal Vulnerability in WPvivid Plugin for WordPress,"The WPvivid plugin for WordPress, up to version 0.9.89, is susceptible to a directory traversal vulnerability. This flaw permits authenticated users with administrative rights to traverse directories on the server, enabling them to delete files in arbitrary locations. Such exploitation can result in significant data loss and compromises server integrity, particularly in shared hosting environments.
Therefore, website administrators should ensure they are using the latest version of the plugin to mitigate this risk.",Wordpress,"Migration, Backup, Staging – WPvivid",6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-10-20T07:15:00.000Z,0
CVE-2022-2863,https://securityvulnerability.io/vulnerability/CVE-2022-2863,WPvivid Backup < 0.9.76 - Admin+ Arbitrary File Read,"The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack",Wordpress,"Migration, Backup, Staging – WPvivid",4.9,MEDIUM,0.5560299754142761,false,,false,false,false,,false,false,2022-09-16T00:00:00.000Z,0
CVE-2022-2442,https://securityvulnerability.io/vulnerability/CVE-2022-2442,"Migration, Backup, Staging – WPvivid <= 0.9.74 - Authenticated (Admin+) PHAR Deserialization","The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.
It also requires that the attacker is successful in uploading a file with the serialized payload.",Wordpress,"Migration, Backup, Staging – WPvivid",7.2,HIGH,0.0026199999265372753,false,,false,false,false,,false,false,2022-09-06T17:18:57.000Z,0
CVE-2022-27844,https://securityvulnerability.io/vulnerability/CVE-2022-27844,WordPress WPvivid plugin <= 0.9.70 - Arbitrary File Read vulnerability,"Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70",Wordpress,"Migration, Backup, Staging – WPvivid (WordPress Plugin)",2.7,LOW,0.0017000000225380063,false,,false,false,false,,false,false,2022-04-11T20:15:00.000Z,0
CVE-2022-0531,https://securityvulnerability.io/vulnerability/CVE-2022-0531,WPvivid Backup and Migration Plugin < 0.9.70 - Reflected Cross-Site Scripting,"The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting",Wordpress,"Migration, Backup, Staging – WPvivid",6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2022-04-11T14:40:47.000Z,0
CVE-2021-24994,https://securityvulnerability.io/vulnerability/CVE-2021-24994,WPvivid Backup and Migration Plugin < 0.9.69 - Unauthenticated Stored Cross-Site Scripting,"The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue",Wordpress,"Migration, Backup, Staging – WPvivid Backup And Migration Plugin",6.1,MEDIUM,0.0013200000394135714,false,,false,false,false,,false,false,2022-02-28T09:06:27.000Z,0