cleantalk
Vulnerabilities and Security Researches

Migration, Backup, Staging – WPvivid, CVE-2023-4637

CVE, Research URL

CVE-2023-4637

Home page URL

Security reports for Migration, Backup, Staging – WPvivid

Application

Migration, Backup, Staging – WPvivid

Published on
Feb 06, 2024
Research Description
The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID.
Affected versions
Min -, max 0.9.95.
Status
vulnerable
Previous vulnerability researches
Migration, Backup, Staging – WPvivid (CVE-2022-27844) , Jun 07, 2024
Migration, Backup, Staging – WPvivid (CVE-2021-24994) , Jun 07, 2024
Migration, Backup, Staging – WPvivid (CVE-2022-2442) , Jun 07, 2024
Migration, Backup, Staging – WPvivid (CVE-2022-2863) , Jun 07, 2024
Migration, Backup, Staging – WPvivid (CVE-2022-0531) , Jun 07, 2024
New vulnerability
Aviation Weather from NOAA (CVE-2025-28980) , Jul 04, 2025
WP Map Block – Gutenberg Map Block for Google Map and OpenStreet Map (CVE-2025-5194) , Jul 04, 2025
Amazon Products to WooCommerce (CVE-2025-5817) , Jul 04, 2025
WP-Recall – Registration, Profile, Commerce & More (CVE-2025-49991) , Jul 04, 2025
WP-Recall – Registration, Profile, Commerce & More (CVE-2025-52796) , Jul 04, 2025