Researchers Discovered a Serious Threatening Vulnerability in The WPvivid Backup Plugin

A vulnerability inside the Wpvivid Backup WordPress plugin was discovered by the WebARX security team. Like your advisory, an authenticated person ought to be able to mess with the default back up location by making it possible to add a brand-new, remote storage location to any authenticated user, no matter their user status


A vulnerability inside the Wpvivid Backup WordPress plugin was discovered by the WebARX security team. Like your advisory, an authenticated person ought to be able to mess with the default back up location by making it possible to add a brand-new, remote storage location to any authenticated user, no matter their user status.

It ensures that the current default region installation is backed up by the attacker when the update is executed. This will not make it easier to open the website records to sensitive information, but it may also lead to statistical losses. This also helps the adversary to catch a website administrator to perform a plugin push.

The researchers reached the developers to inform them about the bug when they found the vulnerability. Thus, with WPvivid Backup plugin release version zero. Nine.36, the team behind that plugin patched the malicious software. WPvivid Backup currently has over 40,000  active installations in conjunction with the plugin web page. In this way, the above-discussed CSRF vulnerability has potentially put many websites at risk.

As the patch is out, all online website administrators must make sure the updated plugin model has been set up.

0 Comments

Post a Comment

Post a Comment (0)

Previous Post Next Post