Description
WordPress Plugin Migration, Backup, Staging-WPvivid is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to delete arbitrary files in the context of the webserver process. WordPress Plugin Migration, Backup, Staging-WPvivid version 0.9.76 is vulnerable.
Remediation
Update to plugin version 0.9.77 or latest
References
https://wpscan.com/vulnerability/605bc4bf-0a26-4d77-8e0c-cdc5fb58b817
https://plugins.svn.wordpress.org/wpvivid-backuprestore/trunk/readme.txt
Related Vulnerabilities
MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2009-4030)
WordPress Plugin BePro Listings Security Bypass (2.2.0020)
Oracle Database Server CVE-2010-0853 Vulnerability (CVE-2010-0853)
WordPress Plugin Tiny URL Cross-Site Scripting (1.3.2)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4281)