Unauthorized Access Vulnerability in WPvivid Plugin Could Lead to SQL Injection or DoS
CVE-2024-1982
6.5MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 29 February 2024
What is CVE-2024-1982?
The WPvivid Backup and Migration plugin for WordPress has a flaw that permits unauthorized access due to a lack of proper capability checks in its get_restore_progress() and restore() functions. This vulnerability affects all versions up to and including 0.9.68. As a result, unauthorized users can exploit this weakness, potentially leading to SQL injection attacks or triggering denial-of-service conditions that could disrupt normal operations.
Affected Version(s)
WPvivid β Backup, Migration & Staging 0 <= 0.9.68