Vulnerabilities > Wpvivid
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-07 | CVE-2024-56273 | Missing Authorization vulnerability in Wpvivid Migration, Backup, Staging Missing Authorization vulnerability in WPvivid Backup & Migration WPvivid Backup and Migration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPvivid Backup and Migration: from n/a through 0.9.106. | 9.8 |
| 2024-10-16 | CVE-2020-36842 | Unrestricted Upload of File with Dangerous Type vulnerability in Wpvivid Migration, Backup, Staging The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. | 8.8 |
| 2024-10-16 | CVE-2020-36835 | Missing Authorization vulnerability in Wpvivid Migration, Backup, Staging The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site's database due to missing capability checks on the wp_ajax_wpvivid_add_remote AJAX action that allows low-level authenticated attackers to send back-ups to a remote location of their choice for review. | 6.5 |
| 2024-06-04 | CVE-2024-35664 | Unspecified vulnerability in Wpvivid Backup for Mainwp Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPvivid Team WPvivid Backup for MainWP allows Reflected XSS.This issue affects WPvivid Backup for MainWP: from n/a through 0.9.32. | 6.1 |
| 2024-02-29 | CVE-2024-1981 | SQL Injection vulnerability in Wpvivid Migration, Backup, Staging The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.1 |
| 2024-02-29 | CVE-2024-1982 | SQL Injection vulnerability in Wpvivid Migration, Backup, Staging The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. | 9.1 |
| 2024-02-05 | CVE-2023-4637 | Missing Authorization vulnerability in Wpvivid Migration, Backup, Staging The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. | 5.3 |
| 2023-10-20 | CVE-2023-5121 | Cross-site Scripting vulnerability in Wpvivid Migration, Backup, Staging The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings (the backup path parameter) in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. | 4.8 |
| 2023-10-20 | CVE-2023-4274 | Path Traversal vulnerability in Wpvivid Migration, Backup, Staging The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. | 6.5 |
| 2023-10-20 | CVE-2023-5120 | Cross-site Scripting vulnerability in Wpvivid Migration, Backup, Staging The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. | 4.8 |