Vulnerability Management, Patch/Configuration Management

Critical vulnerability in WPvivid backup plugin allows remote code execution

February 13, 2026
By SC Staff

Bleeping Computer reports that a critical vulnerability has been discovered in the WPvivid Backup & Migration plugin, affecting over 900,000 WordPress websites. The flaw allows unauthenticated attackers to execute arbitrary code on a website.

The vulnerability, tracked as CVE-2026-1357 with a severity score of 9.8, impacts all versions of the plugin up to 0.9.123. The most critical impact is limited to sites that have the "receive backup from another site" option enabled, and key validity restricts exploitation to a 24-hour window. Because the plugin is commonly used for migrations, however, many administrators may enable this feature.

The vulnerability stems from improper error handling in RSA decryption combined with a lack of path sanitization. When decryption fails, the plugin incorrectly generates a predictable key. Additionally, insufficient sanitization of uploaded filenames allows for directory traversal, enabling the upload of malicious PHP files for remote code execution.

Website administrators are urged to update to version 0.9.124 immediately to mitigate the threat.

Source: Bleeping Computer
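
The two weaknesses described in the article map to two defensive checks in a backup receiver: abort when RSA decryption fails, and reject any sender-supplied filename that is not a plain archive name. The PHP below is an added illustration, not WPvivid's code or its patch; the function names, the OAEP padding mode, the 32-byte key length and the .zip-only allow-list are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration; function names are hypothetical, not WPvivid's.

/** Unwrap an RSA-encrypted session key, failing closed on any error. */
function unwrap_session_key(string $wrapped, $privateKey, int $expectedLen = 32): string
{
    $key = null;
    // openssl_private_decrypt() returns false on failure. Stop there: carrying
    // on with an empty or default value gives the sender a key it can predict.
    // (Padding mode and key length are assumptions for this example.)
    $ok = openssl_private_decrypt($wrapped, $key, $privateKey, OPENSSL_PKCS1_OAEP_PADDING);
    if ($ok !== true || !is_string($key) || strlen($key) !== $expectedLen) {
        throw new RuntimeException('session key unwrap failed; request rejected');
    }
    return $key;
}

/** Map a sender-supplied filename to a path inside $backupDir, or throw. */
function safe_backup_path(string $backupDir, string $clientName): string
{
    // Reject instead of "cleaning": no separators, no dot-segments, no NUL,
    // and exactly one extension from an allow-list (assumed here: .zip only).
    if (preg_match('/\A[A-Za-z0-9][A-Za-z0-9_-]{0,100}\.zip\z/', $clientName) !== 1) {
        throw new InvalidArgumentException('illegal backup filename');
    }
    $base = realpath($backupDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('backup directory missing');
    }
    $target = $base . DIRECTORY_SEPARATOR . $clientName;
    // A pre-planted symlink with a legal name could still redirect the write.
    if (is_link($target)) {
        throw new RuntimeException('refusing to write through a symlink');
    }
    return $target;
}

// Constructed sample filenames, checked against the system temp directory.
$dir = sys_get_temp_dir();
foreach (['site_backup-01.zip', '../uploads/x.php', 'backup.php', 'a/b.zip', 'x.php.zip'] as $name) {
    try {
        echo str_pad($name, 22), ' -> ', safe_backup_path($dir, $name), PHP_EOL;
    } catch (Exception $e) {
        echo str_pad($name, 22), ' -> rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

Only the first constructed name is accepted; the other four are rejected before any path is built.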
A critical remote code execution vulnerability (CVE-2026-1357) in the