CVE-2022-2863: WordPress plugin WPvivid Backup in version 0.9.76 and lower, allows reading of arbitrary files from server
Developers of the plugin have patched and released an update correcting the glitch in a later version
CVE-2022-2863: WordPress plugin WPvivid Backup in version 0.9.76 and lower, allows reading of arbitrary files from server
Developers of the plugin have patched and released an update correcting the glitch in a later version
Among the research activities that are performed by Tempest Security Intelligence’s Technical Consulting team, a vulnerability present in a WordPress extension was found and reported. Through CVE-2022-2863, MITRE published the acknowledgment of this vulnerability in version 0.9.76 and previous in the WordPress plugin WPvivid Backup which allows reading arbitrary files from the server.
The WordPress Wpvivid Backup plugin is a solution that aims to make it easier to manage backups and migrations from these to new domains. The 0.9.76 version of the plugin is vulnerable to attacks known as Path Traversal.
The vulnerability was reported to the developers of the extension that was fixed in version 0.9.77.
The link below directs to CVE-2022-2863 with the log references of the vulnerability exploit found in versions of the WordPress WPvivid Backup plugin.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2863
Subscribe to our Newsletter