Sensitive Information Disclosure Vulnerability in WPvivid Plugin

CVE-2020-36835

What is CVE-2020-36835?

The WPvivid Backup Plugin for WordPress has a security vulnerability that permits the disclosure of sensitive information stored within the WordPress database. This weakness arises from inadequate capability checks on the wp_ajax_wpvivid_add_remote AJAX action, allowing authenticated users with low-level permissions to transmit backups to any remote location. Consequently, those attackers could potentially access sensitive data from the WordPress site, thereby compromising the integrity and confidentiality of the stored information. Versions of the plugin up to and including 0.9.35 are impacted.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References