Unauthenticated Access Vulnerability in WPvivid WordPress Plugin

Unauthenticated Access Vulnerability in WPvivid WordPress Plugin

CVE-2023-4637 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore() and get_restore_progress() function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID.

Learn more about our Wordpress Pen Testing.