CVE-2022-2863
Published 2022-09-16
CVE-2022-2863: The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file…
Priority: P3 · 40 · medium · 4.9 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 18.15% (96.8th percentile)
The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpvivid | migration_backup_staging | < 0.9.76 | 0.9.76 |
VulDB
Migration, Backup, Staging Plugin up to 0.9.75 on WordPress path traversal (ID 168616 / EUVD-2022-35097)
vuldb·2026-05-27·CVSS 4.9
CVE-2022-2863 [MEDIUM] Migration, Backup, Staging Plugin up to 0.9.75 on WordPress path traversal (ID 168616 / EUVD-2022-35097)
A vulnerability labeled as critical has been found in Migration, Backup, Staging Plugin up to 0.9.75 on WordPress. The impacted element is an unknown function. Such manipulation leads to path traversal.
This vulnerability is referenced as CVE-2022-2863. The attack needs to be initiated within the local network. Furthermore, an exploit is available.
The affected component should be upgraded.
GHSA
GHSA-ggvq-62qc-4q5p: The Migration, Backup, Staging WordPress plugin before 0
ghsa_unreviewed·2022-09-17
CVE-2022-2863 [MEDIUM] CWE-22 GHSA-ggvq-62qc-4q5p: The Migration, Backup, Staging WordPress plugin before 0
The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack
No detection rules found.
Nuclei
WordPress WPvivid Backup <0.9.76 - Local File Inclusion
nuclei·CVSS 4.9
CVE-2022-2863 [MEDIUM] WordPress WPvivid Backup <0.9.76 - Local File Inclusion
WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server.
Template:
```yaml
id: CVE-2022-2863

info:
  name: WordPress WPvivid Backup <0.9.76 - Local File Inclusion
  author: tehtbl
  severity: medium
  description: WordPress WPvivid Backup version 0.9.76 is vulnerable to local file inclusion because the plugin does not sanitize and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access t
```
No writeups or analysis indexed.
http://packetstormsecurity.com/files/168616/WordPress-WPvivid-Backup-Path-Traversal.html
http://seclists.org/fulldisclosure/2022/Oct/0
https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5
Published: 2022-09-16