WPvivid Backup < 0.9.36 - Missing Authorization Leading To Database Leak



Description
There is a missing authorization check in the WPvivid Backup plugin that can lead to the exposure of the database and all files of the WordPress site.

wp_ajax_wpvivid_add_remote does not check if the current user has the proper permission to execute the action to add a new remote backup location, nor does it (and many other AJAX actions in the plugin) contain a nonce check which causes a CSRF issue.

It allows any authenticated user, regardless of their user role, to add a new remote storage location and set it as the default backup location.

This means that the next time the backup runs, it will use this backup location and upload the backup to this location.

Affects Plugin

References

URL https://www.webarxsecurity.com/vulnerability-in-wpvivid-backup-plugin-can-lead-to-database-leak/

Classification

Type MULTI

Miscellaneous

Original Researcher Dave
Submitter WebARX
Submitter Website https://www.webarxsecurity.com
Submitter Twitter webarx_security
Views 1007
Verified No
WPVDB ID 10142

Timeline

Publicly Published 2020-03-23 (11 days ago)
Added 2020-03-23 (10 days ago)
Last Updated 2020-03-24 (10 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin