CVE-2025-12654
LOW
2,7
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
Description
AI Translation Available
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the check_filesystem_permissions() function not properly restricting the directories that can be created, or in what location. This makes it possible for authenticated attackers, with Administrator-level access and above, to create arbitrary directories.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0001
Percentile
0,0th
Updated
EPSS Score Trend (Last 85 Days)
73
External Control of File Name or Path
DraftCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Read Files Or Directories
Modify Files Or Directories
Execute Unauthorized Code Or Commands
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Other)
Applicable Platforms
Operating Systems:
Unix, Windows, macOS
https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.120/i…
https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.120/i…
https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.120/i…
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&ol…
https://wordpress.org/plugins/wpvivid-backuprestore/
https://www.wordfence.com/threat-intel/vulnerabilities/id/662aa8dd-69b7-49e3-81…