Reflected Cross-Site Scripting Vulnerability in WPvivid Backup Plugin for WordPress
CVE-2024-1383

6.1MEDIUM

Key Information:

Vendor

WordPress
Status
WPvivid Backup For MainWP
Vendor
CVE Published:
13 March 2024

What is CVE-2024-1383?

The WPvivid Backup for MainWP plugin for WordPress suffers from a reflected cross-site scripting issue due to inadequate input sanitization and output escaping. This vulnerability affects all versions up to and including 0.9.32. It allows unauthenticated attackers to inject arbitrary web scripts through the 'id' parameter, which can be executed on user pages if they are tricked into interacting with a malicious link. Proper measures should be implemented to avoid such security threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WPvivid Backup for MainWP * <= 0.9.32

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/wpvivid-backup...
https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Krzysztof ZajÄ…c
JSON
.