WPvivid Backup < 0.9.36 – Missing Authorization Leading To Database Leak | Plugin Vulnerabilities

Description

There is a missing authorization check in the WPvivid Backup plugin that can lead to the exposure of the database and all files of the WordPress site.

wp_ajax_wpvivid_add_remote does not check if the current user has the proper permission to execute the action to add a new remote backup location, nor does it (and many other AJAX actions in the plugin) contain a nonce check which causes a CSRF issue.

It allows any authenticated user, regardless of their user role, to add a new remote storage location and set it as the default backup location.

This means that the next time the backup runs, it will use this backup location and upload the backup to this location.

Affects Plugins

wpvivid-backuprestore

Fixed in 0.9.36

References

URL

https://www.webarxsecurity.com/vulnerability-in-wpvivid-backup-plugin-can-lead-to-database-leak/

Miscellaneous

Original Researcher

Dave

Submitter

WebARX

Submitter website

https://www.webarxsecurity.com

Submitter twitter

webarx_security

Verified

No

WPVDB ID

3114495b-c084-403b-be9b-219615db4c24

Timeline

Publicly Published

2020-03-23 (about 6 years ago)

Added

2020-03-23 (about 6 years ago)

Last Updated

2020-03-24 (about 6 years ago)

Other

Published

Title

Published

2019-07-23

Title

WPS Limit Login <= 1.4.5 - Multiple Issues

Published

2019-05-22

Title

User Email Verification for WooCommerce < 3.4.0 - CSRF leading to Option Update

Published

2017-05-16

Title

LayerSlider <= 6.2.0 - CSRF / Authenticated Stored XSS & SQL Injection

Published

2019-12-25

Title

bbPress Login Register Links On Forum Topic Pages < 2.8.5 - CSRF to Stored XSS

Published

2014-09-17

Title

Google Maps Ready! 1.1.5 - CSRF & XSS