Researchers found a serious security vulnerability in the WPvivid Backup plugin threatening numerous WordPress sites. Upon exploitation, this plugin vulnerability could expose all files of the target website to an adversary.
WPvivid Backup Plugin Vulnerability
Reportedly, the security team from WebARX found a vulnerability in the WPvivid Backup WordPress plugin. As stated in their advisory, the critical flaw could allow an authenticated user to meddle with the default backup location.
The most critical registered wp_ajax action that does not have an authorization check would be wp_ajax_wpvivid_add_remote.
It allows any authenticated user, regardless of their user role, to add a new remote storage location and set it as the default backup location.
This would result in the backup being made on the new default location set up by the attacker upon execution of the plugin.
This not only causes an unwanted exposure of sensitive data files of the website but may also cause data loss. Likewise, this would also allow the adversary to lure a site admin to execute an action from the plugin.
Developers Fixed The Bug
Upon finding the vulnerability, the researchers reached out to the developers to inform them of the flaw. Consequently, the team behind this plugin fixed the bug with the release of WPvivid Backup Plugin version 0.9.36.
According to the plugin page, WPvivid Backup presently has more than 40,000 active installations. It means that the CSRF vulnerability discussed above potentially risked the security of thousands of websites.
Regarding how the patch works, the researchers stated,
we can see that a call to ajax_check_security has been added to multiple places. This function checks the validity of the nonce token and checks the user role.
Since the patch is out, all respective site admins should make sure that they have installed the patched version of the plugin.
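A static check for this class of bug, as an added example that is not taken from the WebARX advisory or the plugin's code: it scans PHP source for wp_ajax_ registrations and reports handlers that call neither a WordPress nonce or capability function nor ajax_check_security. The Demo_Backup class and its action, handler and option names are constructed for illustration.

```python
import re

# Calls accepted as evidence of a check. The first three are WordPress core
# functions; ajax_check_security is the helper named in the patch description.
GUARDS = ("check_ajax_referer", "wp_verify_nonce", "current_user_can",
          "ajax_check_security")
REGISTRATION = re.compile(
    r"""add_action\(\s*['"](wp_ajax_[\w-]+)['"]\s*,\s*"""
    r"""(?:(?:array\(|\[)\s*\$this\s*,\s*)?['"](\w+)['"]""")

def function_body(src, name):
    """Return the brace-balanced body of `function name(...)`, or None.
    Simplification: braces inside PHP strings or comments are not skipped."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def unguarded_ajax_actions(src):
    """List (action, handler) pairs whose handler body calls none of GUARDS."""
    findings = []
    for action, handler in REGISTRATION.findall(src):
        body = function_body(src, handler)
        guarded = body is not None and any(
            re.search(r"\b" + g + r"\s*\(", body) for g in GUARDS)
        if not guarded:
            findings.append((action, handler))
    return findings

# Constructed sample input (hypothetical plugin, not WPvivid source).
SAMPLE_PHP = r"""
class Demo_Backup {
    public function __construct() {
        add_action('wp_ajax_demo_add_remote', array($this, 'add_remote'));
        add_action('wp_ajax_demo_list_tasks', array($this, 'list_tasks'));
    }
    public function ajax_check_security() {
        check_ajax_referer('demo_ajax', 'nonce');
        if (!current_user_can('manage_options')) { die(); }
    }
    public function add_remote() {
        $opts = $_POST['remote'];
        if (!empty($opts)) { update_option('demo_default_remote', $opts); }
    }
    public function list_tasks() {
        $this->ajax_check_security();
        echo json_encode(get_option('demo_tasks'));
    }
}
"""

if __name__ == "__main__":
    for action, handler in unguarded_ajax_actions(SAMPLE_PHP):
        print(f"{action}: handler {handler}() has no nonce or capability check")
```

A hit is a lead for manual review, not proof of a flaw: a handler can be guarded through a wrapper this list does not know about, and a capability check without a nonce still leaves the action open to CSRF.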
WPvivid Backup Plugin is a comprehensive solution for backup, restoration, and migration of WordPress sites.