Description
WordPress Plugin Migration, Backup, Staging-WPvivid is prone to a deserialization vulnerability. An attacker may be able to make the plugin access a file through the PHAR wrapper, which causes PHP to deserialize data from that file and instantiate arbitrary PHP objects. Provided a POP chain is also present, those objects can be used to perform a variety of malicious actions. WordPress Plugin Migration, Backup, Staging-WPvivid version 0.9.74 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 0.9.75 or the latest version.
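A defender-side check for the PHAR wrapper abuse described above, added here as an example and not taken from the advisory or the plugin: it scans web-server access-log lines for query parameters that decode to a PHAR wrapper path, including double URL-encoded and mixed-case forms. The log lines, the "action" and "file" parameter names and the client addresses are constructed; the advisory does not name the affected parameter.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PHAR_RE = re.compile(r"phar://", re.IGNORECASE)  # wrapper scheme, any letter case
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined log format). "action" and "file" are
# hypothetical parameter names, not the plugin's real ones.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/admin-ajax.php?action=example_action&file=backup.zip HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=example_action&file=phar%3A%2F%2Fuploads%2Fimage.jpg HTTP/1.1" 200 87',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=example_action&file=PHAR%253A%252F%252Fuploads%252Fimage.jpg HTTP/1.1" 200 87',
    'truncated or malformed line',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding (e.g. %253A -> %3A -> ':')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_phar_params(log_line):
    """Return [(param, decoded_value)] for query parameters referencing the PHAR wrapper."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []  # not a parseable request line
    query = urlsplit(match.group("target")).query
    hits = []
    for name, raw in parse_qsl(query, keep_blank_values=True):  # decodes once
        value = fully_decode(raw)
        if PHAR_RE.search(value):
            hits.append((name, value))
    return hits


def scan(lines):
    """Return [(line_number, client_ip, param, decoded_value)] for every hit."""
    results = []
    for number, line in enumerate(lines, 1):
        for name, value in find_phar_params(line):
            results.append((number, line.split(" ", 1)[0], name, value))
    return results


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs do not record POST bodies, so this covers only requests that carry the path in the query string.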