Early Access — Mondoo Vulnerability Intelligence is currently in preview.
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the check_filesystem_permissions() function not properly restricting the directories that can be created, or in what location. This makes it possible for authenticated attackers, with Administrator-level access and above, to create arbitrary directories.
Exploitability
AV:NAC:LPR:HUI:NScope
S:UImpact
C:NI:LA:N2.7/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NInput Validation