GHSA-vf58-f3g2-9cv9LowCVSS 3.8

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to...

Published
June 6, 2026
Last Modified
June 6, 2026

🔗 CVE IDs covered (1)

📋 Description

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_site() function in all versions up to, and including, 0.9.128. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server, which leads to a loss of data.

🔗 References (8)