The WPvivid plugin for WordPress is vulnerable to...
Moderate severity
Unreviewed
Published
Feb 6, 2024
to the GitHub Advisory Database
•
Updated Feb 12, 2024
Description
Published by the National Vulnerability Database
Feb 5, 2024
Published to the GitHub Advisory Database
Feb 6, 2024
Last updated
Feb 12, 2024
The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID.
References