WPvivid Backup < 0.9.36 - Missing Authorization Leading To Database Leak

There is a missing authorization check in the WPvivid Backup plugin that can lead to the exposure of the database and all files of the WordPress site.

wp_ajax_wpvivid_add_remote does not check whether the current user has the permission required to add a new remote backup location, and, like many other AJAX actions in the plugin, it performs no nonce check, which additionally makes the action exploitable via CSRF.

It allows any authenticated user, regardless of their user role, to add a new remote storage location and set it as the default backup location.

This means that the next time the backup runs, it will use this backup location and upload the backup to this location.
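The two checks the advisory says the handler is missing, shown as an added example in WordPress PHP (not WPvivid's own code). The hook name comes from the advisory; the handler function, option names and nonce action are hypothetical.

```php
<?php
// Added example (not WPvivid's own code): a wp_ajax_wpvivid_add_remote handler
// that performs the authorization and nonce checks the advisory describes as absent.
// Function, option and nonce-action names are hypothetical.

add_action( 'wp_ajax_wpvivid_add_remote', 'example_wpvivid_add_remote_hardened' );

function example_wpvivid_add_remote_hardened() {
    // 1. Authorization: only users who may manage site options can add a remote
    //    storage target. Without this, any logged-in user of any role could call
    //    the action (the missing authorization check in the advisory).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 2. Nonce: rejects requests that did not originate from a page where the
    //    plugin issued a nonce, which blocks the CSRF variant. The nonce is
    //    expected in $_POST['nonce']; check_ajax_referer() dies on failure.
    check_ajax_referer( 'example_wpvivid_nonce', 'nonce' );

    // 3. Validate and sanitize the submitted remote definition before storing it.
    $remote = isset( $_POST['remote'] ) && is_array( $_POST['remote'] )
        ? wp_unslash( $_POST['remote'] ) : array();
    $type = isset( $remote['type'] ) ? sanitize_key( $remote['type'] ) : '';
    $url  = isset( $remote['url'] )  ? esc_url_raw( $remote['url'] )  : '';
    if ( '' === $type || '' === $url ) {
        wp_send_json_error( array( 'message' => 'Invalid remote definition.' ), 400 );
    }

    // Persist under hypothetical options; only then may it become the default target.
    $remotes   = get_option( 'example_wpvivid_remotes', array() );
    $remotes[] = array( 'type' => $type, 'url' => $url );
    update_option( 'example_wpvivid_remotes', $remotes );
    if ( ! empty( $remote['default'] ) ) {
        update_option( 'example_wpvivid_default_remote', count( $remotes ) - 1 );
    }
    wp_send_json_success( array( 'remote_id' => count( $remotes ) - 1 ) );
}

// The nonce must be handed to the admin page that issues the AJAX call, e.g.:
//   wp_localize_script( 'example-wpvivid-admin', 'exampleWpvivid',
//       array( 'nonce' => wp_create_nonce( 'example_wpvivid_nonce' ) ) );
```

Both checks are needed: the capability test alone still leaves an administrator open to a forged cross-site request, and the nonce alone still lets any low-privilege account call the action directly.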

Affects Plugin

URL https://www.webarxsecurity.com/vulnerability-in-wpvivid-backup-plugin-can-lead-to-database-leak/

Original Researcher Dave
Submitter WebARX
Submitter Website https://www.webarxsecurity.com
Submitter Twitter webarx_security
Verified No
WPVDB ID 10142


Publicly Published 2020-03-23
Added 2020-03-23
Last Updated 2020-03-24
