cleantalk
Vulnerabilities and Security Researches

Migration, Backup, Staging – WPvivid, CVE-2020-36842

CVE, Research URL

CVE-2020-36842

Home page URL

Security reports for Migration, Backup, Staging – WPvivid

Application

Migration, Backup, Staging – WPvivid

Published on
Oct 16, 2024
Research Description
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. This affects versions up to, and including 0.9.35.
Affected versions
Min -, max 0.9.36.
Status
vulnerable
Previous vulnerability researches
Migration, Backup, Staging – WPvivid (CVE-2022-27844) , Jun 07, 2024
Migration, Backup, Staging – WPvivid (CVE-2021-24994) , Jun 07, 2024
Migration, Backup, Staging – WPvivid (CVE-2022-2442) , Jun 07, 2024
Migration, Backup, Staging – WPvivid (CVE-2022-2863) , Jun 07, 2024
Migration, Backup, Staging – WPvivid (CVE-2022-0531) , Jun 07, 2024
New vulnerability
WooCommerce PDF Invoice Builder, Create invoices, packing slips and more (CVE-2025-53203) , Jul 04, 2025
Infility Global (CVE-2025-52774) , Jul 04, 2025
Additional Order Filters for WooCommerce (CVE-2025-53271) , Jul 04, 2025
Aviation Weather from NOAA (CVE-2025-28980) , Jul 04, 2025
WP Map Block – Gutenberg Map Block for Google Map and OpenStreet Map (CVE-2025-5194) , Jul 04, 2025