Description
WordPress Plugin Migration, Backup, Staging-WPvivid is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to delete arbitrary files in the context of the webserver process. WordPress Plugin Migration, Backup, Staging-WPvivid version 0.9.76 is vulnerable.
Remediation
Update to plugin version 0.9.77 or latest
References
https://wpscan.com/vulnerability/605bc4bf-0a26-4d77-8e0c-cdc5fb58b817
https://plugins.svn.wordpress.org/wpvivid-backuprestore/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Data Tables Generator by Supsystic Multiple Vulnerabilities (1.9.91)
WordPress Plugin WP Open Graph Cross-Site Request Forgery (1.6.1)
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (1.2.05.20)
WordPress Plugin Contact Form Entries-Contact Form 7, WPforms and more Cross-Site Scripting (1.1.6)