Sensitive Information Disclosure Vulnerability in WPvivid Plugin
CVE-2020-36835

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Migration, Backup, Staging – WPvivid
Vendor: CVE Published:; 16 October 2024

What is CVE-2020-36835?

The WPvivid Backup Plugin for WordPress has a security vulnerability that permits the disclosure of sensitive information stored within the WordPress database. This weakness arises from inadequate capability checks on the wp_ajax_wpvivid_add_remote AJAX action, allowing authenticated users with low-level permissions to transmit backups to any remote location. Consequently, those attackers could potentially access sensitive data from the WordPress site, thereby compromising the integrity and confidentiality of the stored information. Versions of the plugin up to and including 0.9.35 are impacted.

Affected Version(s)

Migration, Backup, Staging – WPvivid * < 0.9.36

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://www.webarxsecurity.com/vulnerability-in-wpvivid-b...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2024
Vulnerability Reserved
Oct 15, 2024

Credit

WebARX Security