Unauthorized Access Vulnerability in WPvivid Plugin Could Lead to SQL Injection or DoS
CVE-2024-1982
9.1CRITICAL
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 29 February 2024
What is CVE-2024-1982?
The WPvivid Backup and Migration plugin for WordPress has a flaw that permits unauthorized access due to a lack of proper capability checks in its get_restore_progress() and restore() functions. This vulnerability affects all versions up to and including 0.9.68. As a result, unauthorized users can exploit this weakness, potentially leading to SQL injection attacks or triggering denial-of-service conditions that could disrupt normal operations.
Affected Version(s)
Migration, Backup, Staging – WPvivid * <= 0.9.68