Critical RCE Vulnerability in WPvivid Plugin Affects 900,000 WordPress Sites

Critical RCE Vulnerability in WPvivid Plugin Affects 900,000 WordPress Sites

First seen 12 Feb 2026, 21:16 UTC CybersecuritynewsBleepingcomputerFacebookScworldTechradar+4 83% similarity 65.6

Article Content

Browse articles
ThreatCluster

A critical vulnerability in the WPvivid Backup & Migration plugin, affecting over 900,000 WordPress sites, allows unauthenticated attackers to upload files and execute code remotely. This flaw, tracked as CVE-2026-1357, has a severity score of 9.8 and impacts all versions up to 0.9.123. A fix is reportedly available.

ThreatCluster AI

Timeline

2026-02-11
CVE-2026-1357 published
2026-02-11
First public PoC released
2026-02-12
Articles published detailing the vulnerability

Community

Browse all →