CVE-2024-1982

Name of the Vulnerable Software and Affected Versions Migration, Backup, Staging – WPvivid plugin for WordPress versions up to, and including, 0.9.68

Description The issue is related to a missing capability check on the get restore progress() and restore() functions, allowing unauthorized access. This makes it possible for unauthenticated attackers to exploit a SQL injection vulnerability or trigger a Denial of Service (DoS).

Recommendations For versions up to, and including, 0.9.68, update to a version higher than 0.9.68 to resolve the issue. As a temporary workaround, consider disabling the get restore progress() and restore() functions until a patch is available.