CVE-2023-5576

Name of the Vulnerable Software and Affected Versions The Migration, Backup, Staging - WPvivid plugin for WordPress versions up to, and including, 0.9.91

Description The issue concerns Sensitive Information Exposure due to Google Drive API secrets being stored in plaintext within the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Drive account via the API if they can trick a user into reauthenticating via another vulnerability or social engineering.

Recommendations For versions up to, and including, 0.9.91, update to a version higher than 0.9.91 to mitigate the risk of Sensitive Information Exposure. As a temporary workaround, consider restricting access to the Google Drive API until a patch is available. Avoid using the Google Drive API secrets in the plugin source until the issue is resolved.