Unauthorized Access Vulnerability in WPvivid Plugin Could Lead to SQL Injection or DoS
CVE-2024-1982
9.1 CRITICAL
Key Information:
- Vendor: WordPress
- CVE Published: 29 February 2024
Summary
The WPvivid Backup and Migration plugin for WordPress has a flaw that permits unauthorized access due to a lack of proper capability checks in its get_restore_progress() and restore() functions. This vulnerability affects all versions up to and including 0.9.68. As a result, unauthorized users can exploit this weakness, potentially leading to SQL injection attacks or triggering denial-of-service conditions that could disrupt normal operations.
Affected Version(s)
Migration, Backup, Staging – WPvivid * <= 0.9.68
CVSS V3.1
- Score: 9.1
- Severity: CRITICAL
- Confidentiality: High
- Integrity: None
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Denis Werner