Bleepingcomputer
Critical RCE Vulnerability in WPvivid Plugin Affects 900,000 WordPress Sites
First seen 12 Feb 2026, 21:16 UTC
•



+4
•83% similarity
•65.6
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
A critical vulnerability in the WPvivid Backup & Migration plugin, affecting over 900,000 WordPress sites, allows unauthenticated attackers to upload files and execute code remotely. This flaw, tracked as CVE-2026-1357, has a severity score of 9.8 and impacts all versions up to 0.9.123. A fix is reportedly available.
ThreatCluster AI
Timeline
2026-02-11
CVE-2026-1357 published
2026-02-11
First public PoC released
2026-02-12
Articles published detailing the vulnerability