WordPress Plugin Vulnerabilities

WPvivid Backup and Migration Plugin < 0.9.71 - Admin+ Arbitrary File Download

Description

The plugin does not properly validates log files to be accessed, which could allow high privilege users such as admin to download arbitrary files on the server

Affects Plugins

Plugin icon
wpvivid-backuprestore
Fixed in 0.9.71

References

CVE
CVE-2022-27844

Classification

Type
FILE DOWNLOAD
OWASP top 10
A1: Injection
CWE
CWE-552
CVSS
2.7 (low)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
e15703bd-d23d-46fc-8fc9-a3c6d851df0a

Timeline

Publicly Published
2022-04-12 (about 3 years ago)
Added
2022-04-12 (about 3 years ago)
Last Updated
2022-04-17 (about 3 years ago)

Other

Published
Title
Published
2022-03-29
Title
uDraw < 3.3.3 - Unauthenticated Arbitrary File Access
Published
2025-11-20
Title
Import WP – Export and Import CSV and XML files to WordPress < 2.14.18 - Unauthenticated Information Exposure
Published
2025-11-10
Title
Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.3 - Unauthenticated Arbitrary File Read
Published
2022-01-10
Title
SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download
Published
2022-11-28
Title
Wholesale Market for WooCommerce < 1.0.8 - Admin+ Arbitrary File Download