Vulnerabilities > CVE-2022-2863 - Unspecified vulnerability in Wpvivid Migration, Backup, Staging
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack
Vulnerable Configurations
References
- http://packetstormsecurity.com/files/168616/WordPress-WPvivid-Backup-Path-Traversal.html
- http://packetstormsecurity.com/files/168616/WordPress-WPvivid-Backup-Path-Traversal.html
- http://seclists.org/fulldisclosure/2022/Oct/0
- http://seclists.org/fulldisclosure/2022/Oct/0
- https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5
- https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5