VYPR

Migration\, Backup\, Staging

by WordPress

CVEs (6)

  • CVE-2022-2863Sep 16, 2022
    risk 0.01cvss epss 0.18

    The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack

  • CVE-2024-10962Nov 14, 2024
    risk 0.00cvss epss 0.01

    The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. This makes it possible for…

  • CVE-2020-36835Oct 16, 2024
    risk 0.00cvss epss 0.01

    The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site's database due to missing capability checks on the wp_ajax_wpvivid_add_remote AJAX action that allows low-level authenticated attackers to send…

  • CVE-2024-7315Oct 2, 2024
    risk 0.00cvss epss 0.01

    The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups.

  • CVE-2022-0531Apr 11, 2022
    risk 0.00cvss epss 0.01

    The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting

  • CVE-2021-24994Feb 28, 2022
    risk 0.00cvss epss 0.01

    The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site…