Migration, Backup, Staging – WPvivid < 0.9.92 – Unauthenticated Sensitive Information Exposure | CVE 2023-5576 | Plugin Vulnerabilities

Description

The Migration, Backup, Staging - WPvivid plugin for WordPress exposes sensitive information to unauthenticated users via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Drive account via the API if they can trick a user into reauthenticating via another vulnerability or social engineering.

Affects Plugins

wpvivid-backuprestore

Fixed in 0.9.92

References

CVE

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Verified

No

WPVDB ID

ef7bf35c-1e02-48ab-b9cc-e1f435fe3f49

Timeline

Publicly Published

2023-10-13 (about 2 years ago)

Added

2023-10-20 (about 2 years ago)

Last Updated

2023-10-20 (about 2 years ago)

Other

Published

Title

Published

2025-04-16

Title

Mediavine Control Panel < 2.10.7 - Unauthenticated Information Exposure

Published

2025-12-22

Title

WooCommerce - Subscriber/Customer+ Order Data Disclosure

Published

2024-08-08

Title

Obfuscate Email <= 3.8.1 - Unauthenticated Full Path Disclosure

Published

2026-04-23

Title

WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce < 7.2.2 - Authenticated (Subscriber+) Information Exposure

Published

2025-09-26

Title

Download Manager < 3.3.26 - Unauthenticated Sensitive Information Exposure