NOMISEC-itsismarcos/Exploit-CVE-2026-1357

NOMISEC WORKING POC
Exploit for CVE-2026-1357 - WPvivid Backup & Migration <0.9.123 - Unauthenticated RCE
AI Analysis

This repository contains a functional exploit for CVE-2026-1357, targeting a vulnerability in the WPvivid Backup plugin. The exploit leverages a null byte key decryption flaw and directory traversal to upload a malicious PHP webshell, achieving remote code execution (RCE).

Attack Type
RCE
Complexity
moderate
Reliability
reliable
MITRE ATT&CK
T1190 - Exploit Public-Facing Application T1505 - Server Software Component
Loading exploit code...
Download ZIP Password: eip
Source
Platform Nomisec
Type remote
Files 2
Stars 1
Forks 0
Last Push Feb 10, 2026
Authors
itsismarcos
Vulnerability
CVE-2026-1357
WPvivid Backup & Migration <0.9.123 - Unauthenticated RCE
CRITICAL
CVSS 9.8