CVE-2020-36842
Migration, Backup, Staging – WPvivid <= 0.9.35 - Authenticated (Subscriber+) Arbitrary File Upload
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJAX actions that allows low-level authenticated attackers to upload zip files that can be subsequently extracted. This affects versions up to, and including 0.9.35.
El complemento Migration, Backup, Staging – WPvivid para WordPress es vulnerable a la carga de archivos arbitrarios debido a una verificación de capacidad faltante en las acciones AJAX wpvivid_upload_import_files y wpvivid_upload_files que permite a atacantes autenticados de bajo nivel cargar archivos zip que pueden extraerse posteriormente. Esto afecta a las versiones hasta la 0.9.35 incluida.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2020-03-13 CVE Published
- 2024-10-15 CVE Reserved
- 2024-10-16 CVE Updated
- 2025-03-04 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (4)
| URL | Date | SRC |
|---|---|---|
| https://github.com/Nxploited/CVE-2020-36842 | 2025-03-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wpvividplugins Search vendor "Wpvividplugins" | Migration, Backup, Staging – WPvivid Search vendor "Wpvividplugins" for product "Migration, Backup, Staging – WPvivid" | <= 0.9.35 Search vendor "Wpvividplugins" for product "Migration, Backup, Staging – WPvivid" and version " <= 0.9.35" | en |
Affected
| ||||||