Arbitrary File Upload Vulnerability in WPvivid Plugin
CVE-2020-36842
8.8HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 16 October 2024
What is CVE-2020-36842?
The WPvivid Backup Plugin for WordPress is susceptible to an arbitrary file upload vulnerability because it lacks adequate capability checks on specific AJAX actions. This issue permits low-level authenticated users to upload zip files, which can be extracted on the server, potentially compromising the site. This vulnerability affects all versions up to and including 0.9.35, posing significant risks to the security of WordPress installations utilizing this plugin.
Affected Version(s)
WPvivid β Backup, Migration & Staging 0 <= 0.9.35