Vulnerabilities and security researches forwpvivid-backup-mainwp wpvivid-backup-mainwp

Jun 16, 2026

CVE, Research URL: ec00cf2f6a6757dc3371250c1689bf0e482f89f9
Home page URL: Security reports for WPvivid Backup for MainWP
Application: WPvivid Backup for MainWP
Date: -
Research Description: WPvivid Backup for MainWP [wpvivid-backup-mainwp] < 0.9.34 WordPress WPvivid Backup for MainWP Plugin <= 0.9.33 is vulnerable to Cross Site Scripting (XSS) Update the WordPress WPvivid Backup for MainWP plugin to the latest available version (at least 0.9.34). Khayal Farzaliyev (shaman0x01) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress WPvivid Backup for MainWP Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 0.9.34. Have additional information or questions about this entry? Get in touch.
Affected versions: max 0.9.34.
Status: vulnerable

CVE, Research URL: 2c3fbbc425bd92d0f969e669e6a4b8564997aa02
Home page URL: Security reports for WPvivid Backup for MainWP
Application: WPvivid Backup for MainWP
Date: Apr 05, 2024
Research Description: WPvivid Backup for MainWP [wpvivid-backup-mainwp] < 0.9.34 WPvivid Backup for MainWP <= 0.9.33 - Authenticated (Admin+) Stored Cross-Site Scripting The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: max 0.9.34.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2024-35664
Home page URL: Security reports for WPvivid Backup for MainWP
Application: WPvivid Backup for MainWP
Date: Jun 04, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpvividplugins WPvivid Backup for MainWP wpvivid-backup-mainwp allows Reflected XSS.This issue affects WPvivid Backup for MainWP: from n/a through <= 0.9.32.
Affected versions: max 0.9.33.
Status: vulnerable

CVE, Research URL: CVE-2024-1383
Home page URL: Security reports for WPvivid Backup for MainWP
Application: WPvivid Backup for MainWP
Date: Mar 13, 2024
Research Description: The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVE-2024-35664 is likely a duplicate of this issue.
Affected versions: max 0.9.33.
Status: vulnerable