Description
WordPress Plugin Migration, Backup, Staging-WPvivid is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently add a new remote storage location and set it as the default backup location. WordPress Plugin Migration, Backup, Staging-WPvivid version 0.9.35 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 0.9.36 or latest
References
Related Vulnerabilities
Apache HTTP Server Cryptographic Issues Vulnerability (CVE-2009-3555)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2935)
WordPress Plugin Integration for Contact Form 7 and Infusionsoft Cross-Site Scripting (1.1.2)
PHP Other Vulnerability (CVE-2007-1475)
Beego Framework Incorrect Default Permissions Vulnerability (CVE-2019-16355)