WordPress Plugin Vulnerabilities

WPvivid Backup and Migration < 0.9.107 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on the handle_auth_actions() function. This makes it possible for unauthenticated attackers to connect their dropbox account.

Affects Plugins

Plugin icon
wpvivid-backuprestore
Fixed in 0.9.107

References

CVE
CVE-2024-56273
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/3826e2f8-3d91-4e07-84c8-8c88b374764b

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
23b87d28-d102-4c5c-9386-f8cb9fd52103

Timeline

Publicly Published
2025-01-03 (about 1 year ago)
Added
2025-01-13 (about 1 year ago)
Last Updated
2025-01-13 (about 1 year ago)

Other

Published
Title
Published
2024-05-03
Title
ShopLentor (formerly WooLentor) < 2.8.8 - Missing Authorization
Published
2024-12-05
Title
AI Quiz | Quiz Maker <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
Published
2025-04-24
Title
Bulk Assign Linked Products For WooCommerce <= 2.1 - Missing Authorization
Published
2025-10-23
Title
Originality.ai AI Checker <= 1.0.16 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'ai_get_table'
Published
2024-10-24
Title
WPS Telegram Chat <= 4.6.0 - Missing Authorization to Information Exposure