CVE-2025-12656
LOW
3,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: low
Description
AI Translation Available
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_site() function in all versions up to, and including, 0.9.128. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server, which leads to a loss of data.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0004
Percentile
0,1th
Updated
EPSS Score Trend (Last 7 Days)
73
External Control of File Name or Path
DraftCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Read Files Or Directories
Modify Files Or Directories
Execute Unauthorized Code Or Commands
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Other)
Applicable Platforms
Operating Systems:
Unix, Windows, macOS
https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.120/i…
https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.120/i…
https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.120/i…
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&ol…
https://wordpress.org/plugins/wpvivid-backuprestore/
https://www.wordfence.com/threat-intel/vulnerabilities/id/2f5962e5-3dc7-4f93-88…