WordPress · Wpvivid · CVE-2020-36842
**Name of the Vulnerable Software and Affected Versions**
Migration, Backup, Staging – WPvivid plugin for WordPress, versions up to and including 0.9.35
**Description**
The plugin is vulnerable to arbitrary file uploads because the `wpvivid_upload_import_files` and `wpvivid_upload_files` AJAX actions lack a capability check. This allows low-level authenticated attackers to upload zip files that can be subsequently extracted, potentially leading to database leaks.
**Recommendations**
For versions up to and including 0.9.35, update to the latest version to secure your site and mitigate the risk of arbitrary file uploads. As a temporary workaround, consider restricting access to the `wpvivid_upload_import_files` and `wpvivid_upload_files` AJAX actions until a patch is available.
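
One way to apply the temporary workaround, shown as an added example (not code from the WPvivid project or from this advisory): a must-use plugin that rejects the two AJAX actions for any user without an administrator capability before other handlers on the hook run. The file name, the `rwu_` names and the choice of `manage_options` as the required capability are assumptions.

```php
<?php
/**
 * Plugin Name: Restrict WPvivid upload AJAX actions (temporary workaround)
 *
 * Added example. Save as wp-content/mu-plugins/restrict-wpvivid-upload.php
 * (hypothetical file name) and remove it once WPvivid has been updated.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Refuse direct requests made outside WordPress.
}

// The two AJAX actions named in the advisory.
const RWU_GUARDED_ACTIONS = array(
    'wpvivid_upload_import_files',
    'wpvivid_upload_files',
);

/**
 * Stop the request unless the current user is an administrator.
 * Assumption: only users holding `manage_options` should reach these actions.
 */
function rwu_block_low_privilege_upload() {
    if ( current_user_can( 'manage_options' ) ) {
        return; // Allowed: fall through to the plugin's own handler.
    }

    // Record the refused attempt so it can be reviewed later.
    error_log( sprintf(
        'Blocked AJAX hook "%s" for user ID %d',
        current_action(),
        get_current_user_id()
    ) );

    // Sends a JSON error with HTTP 403 and ends the request.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

foreach ( RWU_GUARDED_ACTIONS as $rwu_action ) {
    // wp_ajax_{action} fires for logged-in users only, which matches the
    // "authenticated attacker" case in the description. The earliest possible
    // priority makes this check run before any other callback on the hook.
    add_action( 'wp_ajax_' . $rwu_action, 'rwu_block_low_privilege_upload', PHP_INT_MIN );
}
```

Refused attempts are written to the PHP error log, which gives a record to review for earlier abuse by low-privilege accounts.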