Description
WordPress Plugin Migration, Backup, Staging-WPvivid is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to delete arbitrary files in the context of the webserver process. WordPress Plugin Migration, Backup, Staging-WPvivid version 0.9.76 is vulnerable.
Remediation
Update to plugin version 0.9.77 or latest
References
https://wpscan.com/vulnerability/605bc4bf-0a26-4d77-8e0c-cdc5fb58b817
https://plugins.svn.wordpress.org/wpvivid-backuprestore/trunk/readme.txt
Related Vulnerabilities
MySQL CVE-2019-2746 Vulnerability (CVE-2019-2746)
Plone CMS Improper Privilege Management Vulnerability (CVE-2020-7941)
WordPress Plugin Push Notifications for WordPress (Lite) Cross-Site Request Forgery (6.0)
Apache Tomcat Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-41079)