CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27844 – WordPress WPvivid plugin <= 0.9.70 - Arbitrary File Read vulnerability
https://notcve.org/view.php?id=CVE-2022-27844
07 Apr 2022 — Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70 Una vulnerabilidad de lectura arbitraria de archivos en WPvivid Team Migration, Backup, Staging - WPvivid (plugin de WordPress) versiones anteriores a 0.9.70 incluyéndola • https://patchstack.com/database/vulnerability/wpvivid-backuprestore/wordpress-wpvivid-plugin-0-9-70-arbitrary-file-read-vulnerability • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0531 – WPvivid Backup and Migration Plugin < 0.9.70 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0531
21 Mar 2022 — The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting El plugin Migration, Backup, Staging de WordPress versiones anteriores a 0.9.70, no sanea ni escapa del parámetro sub_page antes de devolverlo a la página, conllevando a un problema de tipo Cross-Site Scripting Reflejado The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the... • https://wpscan.com/vulnerability/ac5c2a5d-09b6-470b-a598-2972183413ca • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 1CVE-2021-24994 – WPvivid Backup and Migration Plugin < 0.9.69 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24994
31 Jan 2022 — The Migration, Backup, Staging WordPress plugin before 0.9.69 does not have authorisation when adding remote storages, and does not sanitise as well as escape a parameter from such unauthenticated requests before outputting it in admin page, leading to a Stored Cross-Site Scripting issue El plugin Migration, Backup, Staging de WordPress versiones anteriores a 0.9.69, no presenta autorización cuando añade almacenamientos remotos, y no sanea ni escapa un parámetro de tales peticiones no autenticadas antes de ... • https://wpscan.com/vulnerability/ea74257a-f6b0-49e9-a81f-53c0eb81b1da • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •