CVE-2022-2863

CVE-2022-2863: WPvivid Backup < 0.9.76 - Admin+ Arbitrary File Read

Vendor Unknown
Product Migration, Backup, Staging – WPvivid
Weakness CWE-22 · Path traversal
Published September 16, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack

Key dates

02Disclosure timeline

September 16, 2022 CVE published
August 3, 2024 Record updated