News Vulnerability In WPvivid Backup Plugin Could Expose Files Of WordPress Sites
In The Name OF Allah
Al-Salam Alekum


Hey guys, looks like WP came back again with a big hole lol!

Quote: Reportedly, the security team from WebARX found a vulnerability in the WPvivid Backup WordPress plugin. As stated in their advisory, the critical flaw could allow an authenticated user to meddle with the default backup location.

The most critical registered wp_ajax action that does not have an authorization check would be wp_ajax_wpvivid_add_remote.

It allows any authenticated user, regardless of their user role, to add a new remote storage location and set it as the default backup location.

This would result in the backup being made on the new default location set up by the attacker upon execution of the plugin.


This not only causes an unwanted exposure of sensitive data files of the website but may also cause data loss. Likewise, this would also allow the adversary to lure a site admin to execute an action from the plugin.



The Source
Wa Salam Alekum
Rs
* Thankful to Allah *
Kurdy