VYPR
Unrated severity · NVD Advisory · Published May 17, 2024 · Updated Apr 28, 2026

WordPress WPvivid Backup Plugin plugin <= 0.9.90 - Privilege Escalation on Staging Environment vulnerability

CVE-2023-41243

Description

WPvivid Backup and Migration plugin <=0.9.90 has improper privilege management, enabling privilege escalation; update to 0.9.91+.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

The WPvivid Backup and Migration plugin for WordPress (versions through 0.9.90) contains an improper privilege management vulnerability. Under certain conditions, the plugin fails to properly enforce access controls, allowing low-privileged users to perform actions intended for higher-privileged roles. This affects the backup, migration, and staging functionalities.

Exploitation

An attacker with a subscriber-level account (or higher) can exploit this by sending crafted requests to the vulnerable endpoints. No additional authentication or user interaction is required beyond having a WordPress user account. The attack can be carried out remotely over HTTP.

Impact

Successful exploitation allows an attacker to escalate their privileges to administrator level. This could lead to full site compromise, including data theft, site defacement, or malware injection.

Mitigation

The vulnerability is fixed in version 0.9.91 and later releases. Users should update to the latest version (0.9.127 as of this writing) via the WordPress plugin repository. For sites that cannot be updated immediately, consider restricting access to the plugin's functionality for non-admin users [1].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
