Security News > 2020 > March > WPvivid Backup Plugin Flaw Leads to WordPress Database Leak
2020-03-24 13:10
A vulnerability addressed recently in the WPvivid Backup Plugin could be exploited to obtain all files of a WordPress website, web security company WebARX reveals.
WPvivid Backup Plugin is a free and open-source plugin that allows users to easily backup, migrate, and restore their WordPress installations to new hosts, or send backups to remote storage.
This could be abused by an authenticated attacker to set the plugin to send the backup to an attacker-controlled location, which would result in the website's database and other files being sent to the attacker.
The security bug was discovered on February 28 and reported to the developer of the plugin on the same day.
A patched version of WPvivid Backup Plugin was released on March 17.