cleantalk
Vulnerabilities and Security Researches

WPvivid Backup for MainWP, 2c3fbbc425bd92d0f969e669e6a4b8564997aa02

CVE, Research URL

2c3fbbc425bd92d0f969e669e6a4b8564997aa02

Home page URL

Security reports for WPvivid Backup for MainWP

Application

WPvivid Backup for MainWP

Published on
Apr 05, 2024
Research Description
WPvivid Backup for MainWP [wpvivid-backup-mainwp] < 0.9.34 WPvivid Backup for MainWP <= 0.9.33 - Authenticated (Admin+) Stored Cross-Site Scripting The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
max 0.9.34.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-68567) , Jan 10, 2026
My auctions allegro (CVE-2025-68566) , Jan 10, 2026
My auctions allegro (CVE-2025-12851) , Dec 10, 2025
New vulnerability
Posts List Designer by Category &#8211; List Category Posts Or Recent Posts (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Posts List Designer by Category &#8211; List Category Posts Or Recent Posts (e7273a52d37b10c428e20c81e144ab0d172f52c8) , Jun 16, 2026
Stock Sync for WooCommerce (32b464c34b74a892762f56ea6c130c4a35d34abe) , Jun 16, 2026
Stock Sync for WooCommerce (23ffa51356546ca775585c4791fa3a9a9049f03b) , Jun 16, 2026
Order Minimum/Maximum Amount for WooCommerce (CVE-2025-47504) , Jun 16, 2026