Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Login or Register to Hide ads and Accessing all features on the forum
Navigation:   Red Security General News News Vulnerability In WPvivid Backup Plugin Could Expose Files Of WordPress Sites

News 

Vulnerability In WPvivid Backup Plugin Could Expose Files Of WordPress Sites

0 Replies, 1651 Views

Mr.Kurd

   04-01-2020, 11:11 AM
::1 Try me
Administrators
#1
Rainbow 
In The Name OF Allah
Al-Salam Alekum

[Image: WordPress-plugin.png]

Hey guys looks like WP came back again with a big hole lol!

Quote:Reportedly, the security team from WebARX found a vulnerability in the WPvivid Backup WordPress plugin. As stated in their advisory, the critical flaw could allow an authenticated user to meddle with the default backup location.

The most critical registered wp_ajax action that does not have an authorization check would be wp_ajax_wpvivid_add_remote.

It allows any authenticated user, regardless of their user role, to add a new remote storage location and set it as the default backup location.

This would result in the backup being made on the new default location set up by the attacker upon execution of the plugin.


This not only causes an unwanted exposure of sensitive data files of the website but may also cause data loss. Likewise, this would also allow the adversary to lure a site admin to execute an action from the plugin.



The Source
Wa Salam Alekum
Rs
* Thankful to Allah *
Kurdy

Possibly Related Threads…
Thread Author Replies Views Last Post
Star News WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug News 0 1,818 11-07-2020, 04:13 PM
Last Post: News
Star News Update Windows 10 to patch critical vulnerability in Microsoft store games News 0 1,783 11-06-2020, 04:22 AM
Last Post: News
Star News IoT Vulnerability Disclosure Platform Launched News 0 1,915 10-20-2020, 09:58 AM
Last Post: News
Star News Zerologon Vulnerability Used in APT Attacks News 0 1,679 10-07-2020, 11:12 AM
Last Post: News
Star News Vulnerability Disclosure Programs See Signups & Payouts Surge News 0 1,503 09-23-2020, 12:57 PM
Last Post: News
Star News Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws News 0 1,554 09-02-2020, 02:17 PM
Last Post: News
Star News Can Vulnerability Scanning Replace Penetration Testing? News 0 1,602 08-30-2020, 02:08 AM
Last Post: News
Star News Vulnerability Volume Poised to Overwhelm Infosec Teams News 0 1,604 08-28-2020, 09:14 AM
Last Post: News
Star News Vulnerability Prioritization: Are You Getting It Right? News 0 2,259 08-10-2020, 07:33 PM
Last Post: News
Big Grin News Credit-Card Skimmer Has Unlikely Target: Microsoft ASP.NET Sites Mr.Kurd 0 1,586 07-08-2020, 10:13 AM
Last Post: Mr.Kurd



Users browsing this thread: 1 Guest(s)