CVE-2020-36835 - Missing Authorization vulnerability in Wpvivid Migration, Backup, Staging
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: NONE
- Availability impact: NONE
Summary
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site's database. The wp_ajax_wpvivid_add_remote AJAX action is missing capability checks, which allows low-level authenticated attackers to send backups to a remote location of their choice for review. This affects versions up to and including 0.9.35.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/90c3f8bc-fc41-4ba7-b9f2-8873203d5794?source=cve
- https://www.webarxsecurity.com/vulnerability-in-wpvivid-backup-plugin-can-lead-to-database-leak/?fbclid=IwAR3Ve74ZIvmx-aC0OssIWYwcWEjGq6yU16DcyVGHD1XUT3uYaZ3QyVu_Eos&utm_content=buffer4435b&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2261665%40wpvivid-backuprestore%2Ftrunk&old=2252870%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=