Unauthorized Access to Data in WPvivid Plugin Due to Missing Capability Check
CVE-2023-4637
4.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 5 February 2024
What is CVE-2023-4637?
The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID.
Affected Version(s)
Migration, Backup, Staging – WPvivid * <= 0.9.94