Plugin Vulnerability Hub
Plugin 26 known issues Latest disclosed Feb 10, 2026

WPvivid — Backup, Migration & Staging Vulnerabilities

Review known vulnerability records for the WordPress plugin WPvivid — Backup, Migration & Staging (`wpvivid-backuprestore`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-1357, CVE-2025-12654 and CVE-2025-5961, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 26
High or Critical: 12
Patch Coverage: 100%
Last Updated: Feb 11, 2026
Priority CVE Quick Links

Fast paths into WPvivid — Backup, Migration & Staging CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs: 23
CVE-2026-1357 (Critical, patched in 0.9.124)
CVE-2026-1357 WPvivid — Backup, Migration & Staging Remote Code Execution

Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload

CVE-2024-1981 (Critical, patched in 0.9.69)
CVE-2024-1981 WPvivid — Backup, Migration & Staging SQL Injection

WPvivid Backup and Migration <= 0.9.68 - Unauthenticated SQL Injection

CVE-2024-10962 (High, patched in 0.9.108)
CVE-2024-10962 WPvivid — Backup, Migration & Staging Vulnerability

Migration, Backup, Staging – WPvivid <= 0.9.107 - Unauthenticated PHP Object Injection

CVE-2020-36842 (High, patched in 0.9.36)
CVE-2020-36842 WPvivid — Backup, Migration & Staging Arbitrary File Upload

Migration, Backup, Staging – WPvivid <= 0.9.35 - Authenticated (Subscriber+) Arbitrary File Upload

CVE-2023-4274 (High, patched in 0.9.90)
CVE-2023-4274 WPvivid — Backup, Migration & Staging Vulnerability

Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal

CVE-2023-41243 (High, patched in 0.9.91)
CVE-2023-41243 WPvivid — Backup, Migration & Staging Vulnerability

WPvivid Backup Plugin <= 0.9.90 - Missing Authorization via 'start_staging' and 'get_staging_progress'

CVE-2023-5576 (High, patched in 0.9.92)
CVE-2023-5576 WPvivid — Backup, Migration & Staging Sensitive Information Exposure

Migration, Backup, Staging – WPvivid <= 0.9.91 - Google Drive Client Secret Exposure

CVE-2024-7315 (High, patched in 0.9.106)
CVE-2024-7315 WPvivid — Backup, Migration & Staging Sensitive Information Exposure

Migration, Backup, Staging – WPvivid <= 0.9.105 - Sensitive Information Exposure

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for WPvivid — Backup, Migration & Staging so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 26 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 2 critical and 10 high severity findings.
Recent CVEs: CVE-2026-1357, CVE-2025-12654 and CVE-2025-5961
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Known Vulnerabilities

Reports for WPvivid — Backup, Migration & Staging

Sorted by latest disclosure date so newly published issues surface first.

Plugin Critical Patched: Yes CVE-2026-1357
CVE-2026-1357: Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanit...

Published: Feb 10, 2026
Patched Release: 0.9.124
Affected Versions: Versions up to 0.9.123
Next Step: Update to 0.9.124 or newer if supported.
Plugin Low Patched: Yes CVE-2025-12654
CVE-2025-12654: Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.120 - Authenticated (Admin+) Arbitrary Directory Creation

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the check_filesystem_permissions() function not properly restricting the directories that c...

Published: Dec 20, 2025
Patched Release: 0.9.121
Affected Versions: Versions up to 0.9.120
Next Step: Update to 0.9.121 or newer if supported.
Plugin High Patched: Yes CVE-2025-5961
CVE-2025-5961: Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvivid_upload_import_files' function in all versions up to, and including, 0.9.116. This makes it possible for aut...

Published: Jul 03, 2025
Patched Release: 0.9.117
Affected Versions: Versions up to 0.9.116
Next Step: Update to 0.9.117 or newer if supported.
Plugin High Patched: Yes CVE-2024-13869
CVE-2024-13869: Migration, Backup, Staging – WPvivid <= 0.9.112 - Authenticated (Admin+) Arbitrary File Upload via wpvivid_upload_file

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_files' function in all versions up to, and including, 0.9.112. This makes it possible for authenticated atta...

Published: Feb 21, 2025
Patched Release: 0.9.113
Affected Versions: Versions up to 0.9.112
Next Step: Update to 0.9.113 or newer if supported.
Plugin Medium Patched: Yes CVE-2024-56273
CVE-2024-56273: WPvivid Backup and Migration <= 0.9.106 - Missing Authorization

The WPvivid Backup and Migration plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the handle_auth_actions() function in versions up to, and including, 0.9.106. This makes it possible for unauthenticated attackers to connect their drop...

Published: Jan 03, 2025
Patched Release: 0.9.107
Affected Versions: Versions up to 0.9.106
Next Step: Update to 0.9.107 or newer if supported.
Plugin High Patched: Yes CVE-2024-10962
CVE-2024-10962: Migration, Backup, Staging – WPvivid <= 0.9.107 - Unauthenticated PHP Object Injection

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. This makes it possible for un...

Published: Nov 13, 2024
Patched Release: 0.9.108
Affected Versions: Versions up to 0.9.107
Next Step: Update to 0.9.108 or newer if supported.
Plugin High Patched: Yes CVE-2024-7315
CVE-2024-7315: Migration, Backup, Staging – WPvivid <= 0.9.105 - Sensitive Information Exposure

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.9.105. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data by brute-forcing backu...

Published: Sep 11, 2024
Patched Release: 0.9.106
Affected Versions: Versions up to 0.9.105
Next Step: Update to 0.9.106 or newer if supported.
Plugin High Patched: Yes CVE-2024-3054
CVE-2024-3054: WPvivid Backup & Migration Plugin <= 0.9.99 - Authenticated (Admin+) PHAR Deserialization

WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstg_get_custom_exclude_path_free action. This is due to the plugin not providing sufficient path...

Published: Apr 11, 2024
Patched Release: 0.9.100
Affected Versions: Versions up to 0.9.99
Next Step: Update to 0.9.100 or newer if supported.
Plugin Critical Patched: Yes CVE-2024-1981
CVE-2024-1981: WPvivid Backup and Migration <= 0.9.68 - Unauthenticated SQL Injection

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

Published: Feb 28, 2024
Patched Release: 0.9.69
Affected Versions: Version 0.9.68
Next Step: Update to 0.9.69 or newer if supported.
Plugin Medium Patched: Yes CVE-2024-1982
CVE-2024-1982: WPvivid Backup and Migration <= 0.9.68 - Missing Authorization

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated atta...

Published: Feb 28, 2024
Patched Release: 0.9.69
Affected Versions: Versions up to 0.9.68
Next Step: Update to 0.9.69 or newer if supported.
Plugin Medium Patched: Yes CVE-2023-4637
CVE-2023-4637: WPvivid <= 0.9.94 - Missing Authorization

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() functions in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these func...

Published: Jan 19, 2024
Patched Release: 0.9.95
Affected Versions: Versions up to 0.9.94
Next Step: Update to 0.9.95 or newer if supported.
Plugin High Patched: Yes CVE-2023-5576
CVE-2023-5576: Migration, Backup, Staging – WPvivid <= 0.9.91 - Google Drive Client Secret Exposure

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attacker...

Published: Oct 13, 2023
Patched Release: 0.9.92
Affected Versions: Versions up to 0.9.91
Next Step: Update to 0.9.92 or newer if supported.