CVE-2020-36835 MEDIUM

CVE-2020-36835: Migration, Backup, Staging – WPvivid <= 0.9.35 - Sensitive Information Disclosure

Vendor Wpvividplugins

Product WPvivid — Backup, Migration & Staging

Weakness CWE-200 · Info exposure

Published October 16, 2024

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

4.9/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site's database due to missing capability checks on the wp_ajax_wpvivid_add_remote AJAX action that allows low-level authenticated attackers to send back-ups to a remote location of their choice for review. This affects versions up to, and including 0.9.35.

Key dates

02Disclosure timeline

October 16, 2024 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-36835

Related vulnerabilities

Identifiers

CVE CVE-2020-36835

CWE CWE-200

CVSS 4.9 / MEDIUM

Affected versions