CVE-2023-4274

8.7 HIGH

📋 TL;DR

The WPvivid WordPress plugin up to version 0.9.89 contains a directory traversal vulnerability that allows authenticated administrators to delete arbitrary directories on the server. This affects WordPress sites using vulnerable versions of the WPvivid Migration, Backup, Staging plugin. The risk is highest in shared hosting environments where directory deletion could impact other sites.

💻 Affected Systems

Products:
  • WPvivid Migration, Backup, Staging WordPress Plugin
Versions: All versions up to and including 0.9.89
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative privileges in WordPress. Affects all WordPress installations with the vulnerable plugin enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through deletion of critical system directories, leading to service disruption, data loss, and potential privilege escalation affecting all sites on shared hosting.

🟠 Likely Case

Malicious administrator or compromised admin account deletes website files, plugins, or configuration files causing site downtime and data loss.

🟢 If Mitigated

Limited to directory deletion within the WordPress installation if proper file permissions and isolation are configured.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrative access. The vulnerability is in the file deletion functionality with insufficient path validation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.9.90 and later

Vendor Advisory: https://wordpress.org/plugins/wpvivid-backuprestore/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Migration, Backup, Staging – WPvivid' and click 'Update Now'.
4. Alternatively, download version 0.9.90+ from WordPress.org and manually update.

🔧 Temporary Workarounds

Disable WPvivid Plugin

all

Temporarily disable the vulnerable plugin until patched

wp plugin deactivate wpvivid-backuprestore

Restrict Administrative Access

all

Limit WordPress administrative accounts to trusted users only

🧯 If You Can't Patch

  • Remove administrative privileges from untrusted users
  • Implement file system monitoring for unexpected directory deletions

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for WPvivid version. If version is 0.9.89 or lower, you are vulnerable.

Check Version:

wp plugin get wpvivid-backuprestore --field=version

Verify Fix Applied:

After updating, verify the plugin version shows 0.9.90 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • WordPress audit logs showing directory deletion events
  • Web server logs with POST requests to wpvivid deletion endpoints containing '../' patterns

Network Indicators:

  • HTTP POST requests to /wp-admin/admin-ajax.php with 'action=wpvivid_delete_file' containing path traversal sequences

SIEM Query:

source="wordpress.log" AND "wpvivid_delete_file" AND ("../" OR "..\\")
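The log and network indicators above, turned into a small offline check, as an added example that is not part of the original advisory: it scans constructed access-log lines for POSTs to admin-ajax.php whose action is wpvivid_delete_file and flags any parameter that contains ../ or ..\ after percent-decoding (plain, single- and double-encoded). The log format, IPs and paths are assumptions made up for the sample.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines (not from the original page). Assumed format: a combined
# access log where a WAF or reverse proxy appends the POST body as a final quoted field.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Sep/2023:12:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "action=wpvivid_delete_file&path=..%2F..%2Fwp-content%2Fplugins"
203.0.113.7 - - [10/Sep/2023:12:01:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 210 "action=wpvivid_delete_file&path=backup_2023.zip"
198.51.100.4 - - [10/Sep/2023:12:02:11 +0000] "GET /wp-login.php HTTP/1.1" 200 1024 "-"
198.51.100.4 - - [10/Sep/2023:12:03:30 +0000] "POST /wp-admin/admin-ajax.php?action=wpvivid_delete_file HTTP/1.1" 200 300 "path=%252e%252e%5c%252e%252e%5cwp-config.php"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<body>[^"]*)"$'
)
TRAVERSAL_RE = re.compile(r"\.\.(/|\\)")  # matches ../ or ..\

def fully_decoded(value: str) -> str:
    """Undo up to two layers of percent-encoding, so %252e%252e%252f is seen as ../"""
    for _ in range(2):
        value = unquote(value)
    return value

def has_traversal(value: str) -> bool:
    return TRAVERSAL_RE.search(fully_decoded(value)) is not None

def find_wpvivid_traversal(log_text: str) -> list[dict]:
    """One record per POST to admin-ajax.php whose wpvivid_delete_file call
    carries a traversal sequence in any query-string or body parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None or m["method"] != "POST":
            continue
        url = urlsplit(m["url"])
        if url.path != "/wp-admin/admin-ajax.php":
            continue
        params = parse_qs(url.query)  # parameters may sit in the URL, the body, or both
        for key, values in parse_qs(m["body"]).items():
            params.setdefault(key, []).extend(values)
        if "wpvivid_delete_file" not in params.get("action", []):
            continue
        flagged = {k: fully_decoded(v) for k, vs in params.items() for v in vs if has_traversal(v)}
        if flagged:
            hits.append({"ip": m["ip"], "time": m["ts"], "params": flagged})
    return hits
```

A legitimate delete of a backup file (second sample line) is not reported, only requests whose path parameter escapes the plugin's directory.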
