WordPress.WPvivid.Backup.Plugin.file_name.Directory.Traversal
Description
This indicates an attack attempt to exploit a Directory Traversal Vulnerability in WordPress Project WPvivid Backup Plugin.
This vulnerability is due to the plugin does not validate the file_name parameter. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. A successful attack may result in arbitrary file read access in the security context of the web server.
Affected Products
WordPress Project WPvivid Backup Plugin before 0.9.76
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://en-ca.wordpress.org/plugins/wpvivid-backuprestore/#developers
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |