Back

Critical RCE Vulnerability in WPvivid Plugin Affects 900,000 WordPress Sites

Severity: High (Score: 65.6)

Sources: Cybersecuritynews, Bleepingcomputer, Techradar, Scworld, Cyble

Summary

A critical vulnerability in the WPvivid Backup & Migration plugin, affecting over 900,000 WordPress sites, allows unauthenticated attackers to upload files and execute code remotely. This flaw, tracked as CVE-2026-1357, has a severity score of 9.8 and impacts all versions up to 0.9.123. A fix is reportedly available.

Key Entities

  • Zero-day Exploit (attack_type)
  • CVE-2026-1357 (cve)
  • T1190 - Exploit Public-Facing Application (mitre_attack)
  • T1505.003 - Web Shell (mitre_attack)
  • PHP (platform)
  • WordPress (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed