{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4274", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-08-09T14:14:32.300Z", "datePublished": "2023-10-20T06:35:26.385Z", "dateUpdated": "2025-02-05T19:07:13.050Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-10-20T06:35:26.385Z"}, "affected": [{"vendor": "wpvividplugins", "product": "Migration, Backup, Staging \u2013 WPvivid", "versions": [{"version": "0.9.89", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in a shared environments."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d94f38f-4b52-4b0d-800c-a6fca40bda3c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/class-wpvivid-setting.php#L200"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "baseScore": 8.7, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Ivan Kuzymchak"}], "timeline": [{"time": "2023-08-04T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2023-09-22T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:04.393Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d94f38f-4b52-4b0d-800c-a6fca40bda3c?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/class-wpvivid-setting.php#L200", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-05T18:23:20.219168Z", "id": "CVE-2023-4274", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T19:07:13.050Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4274", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-08-09T14:14:32.300Z", "datePublished": "2023-10-20T06:35:26.385Z", "dateUpdated": "2025-02-05T19:07:13.050Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-10-20T06:35:26.385Z"}, "affected": [{"vendor": "wpvividplugins", "product": "Migration, Backup, Staging \u2013 WPvivid", "versions": [{"version": "0.9.89", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in a shared environments."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d94f38f-4b52-4b0d-800c-a6fca40bda3c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/class-wpvivid-setting.php#L200"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "baseScore": 8.7, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Ivan Kuzymchak"}], "timeline": [{"time": "2023-08-04T00:00:00.000+00:00", "lang": "en", "value": "Discovered"}, {"time": "2023-09-22T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:04.393Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d94f38f-4b52-4b0d-800c-a6fca40bda3c?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/class-wpvivid-setting.php#L200", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4274", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-05T18:23:20.219168Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T18:23:21.643Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpvivid:migration\\,_backup\\,_staging:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7DACB4DD-9204-4B8D-8C43-F0967E26EDC4", "versionEndExcluding": "0.9.90", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in a shared environments."}, {"lang": "es", "value": "El complemento Migration, Backup, Staging \u2013 WPvivid para WordPress es vulnerable a Directory Traversal en versiones hasta la 0.9.89 incluida. Esto permite a atacantes autenticados con privilegios administrativos eliminar el contenido de directorios arbitrarios en el servidor, lo que puede ser un problema cr\u00edtico en entornos compartidos."}], "id": "CVE-2023-4274", "lastModified": "2024-11-21T08:34:46.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 5.8, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-20T07:15:15.537", "references": [{"source": "security@wordfence.com", "tags": ["Exploit"], "url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/class-wpvivid-setting.php#L200"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d94f38f-4b52-4b0d-800c-a6fca40bda3c?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/class-wpvivid-setting.php#L200"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail="}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d94f38f-4b52-4b0d-800c-a6fca40bda3c?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}