PT-2024-10852 · WordPress · Wpvivid

Webarx Security · Published 2024-10-16 · Updated 2024-10-30 · CVE-2020-36842

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress, versions up to and including 0.9.35

Description: The issue is an arbitrary file upload caused by a missing capability check on the wpvivid upload import files and wpvivid upload files AJAX actions. This allows low-privileged authenticated attackers to upload zip files that can subsequently be extracted, potentially leading to database leaks.

Recommendations: For versions up to and including 0.9.35, update to the latest version to secure your site and mitigate the risk of arbitrary file uploads. As a temporary workaround, consider restricting access to the wpvivid upload import files and wpvivid upload files AJAX actions until a patch is available.
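The temporary workaround above can be implemented as a must-use plugin that denies the two AJAX actions to anyone without the manage_options capability. This is an added example, not WPvivid's own code; the exact action names are assumed from the advisory's wording and should be checked against the installed plugin's wp_ajax_* registrations.

```php
<?php
/**
 * Plugin Name: Restrict WPvivid upload AJAX actions (temporary workaround)
 * Description: Added example, not part of WPvivid. Blocks the two upload
 * AJAX actions named in the advisory for users lacking manage_options.
 * Place in wp-content/mu-plugins/ and remove once the plugin is updated.
 */

// Assumed action names, derived from the advisory's wording
// ("wpvivid upload import files", "wpvivid upload files").
$wpvivid_upload_actions = array(
    'wpvivid_upload_import_files',
    'wpvivid_upload_files',
);

foreach ( $wpvivid_upload_actions as $action ) {
    // Priority 0 runs before the plugin's own handler (registered at the
    // default priority 10), so a denied request never reaches the upload code.
    add_action( 'wp_ajax_' . $action, 'restrict_wpvivid_upload_action', 0 );
}

function restrict_wpvivid_upload_action() {
    if ( current_user_can( 'manage_options' ) ) {
        return; // Administrators fall through to the plugin's handler.
    }

    // Record the denied attempt so the workaround's activity is visible in logs.
    error_log( sprintf(
        'wpvivid workaround: denied AJAX action "%s" for user %d from %s',
        sanitize_key( $_REQUEST['action'] ?? '' ),
        get_current_user_id(),
        sanitize_text_field( $_SERVER['REMOTE_ADDR'] ?? '' )
    ) );

    // wp_send_json_error() calls wp_die(), ending the request with HTTP 403.
    wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
}
```

Restricting to manage_options is an assumption; pick the capability that matches who legitimately runs backups and migrations on the site.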

Fix

Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2020-36842

Affected Products: Wpvivid