CVE-2023-4274

HIGH 8.7

CVSS Score

8.7

EPSS Score

0.0%

EPSS Percentile

0th

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in a shared environments.

Vendor	wpvividplugins
Product	migration, backup, staging – wpvivid
Published	Oct 20, 2023
Last Updated	Feb 5, 2025

Stay Ahead of the Next One

Get instant alerts for wpvividplugins migration, backup, staging – wpvivid

Be the first to know when new high vulnerabilities affecting wpvividplugins migration, backup, staging – wpvivid are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

wpvividplugins / Migration, Backup, Staging – WPvivid

0.9.89

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/5d94f38f-4b52-4b0d-800c-a6fca40bda3c?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/class-wpvivid-setting.php#L200 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=

Credits

Ivan Kuzymchak