NOMISEC-LucasM0ntes/POC-CVE-2026-1357

NOMISEC WORKING POC
Exploit for CVE-2026-1357 - WPvivid Backup & Migration <0.9.123 - Unauthenticated RCE
AI Analysis

This repository contains a functional exploit for CVE-2026-1357, an unauthenticated arbitrary file upload vulnerability in WPvivid Backup & Migration plugin (versions <= 0.9.123). The exploit leverages a cryptographic fail-open flaw combined with path traversal to achieve remote code execution.

Attack Type
RCE
Complexity
moderate
Reliability
reliable
MITRE ATT&CK
T1190 - Exploit Public-Facing Application T1204 - User Execution T1059 - Command and Scripting Interpreter
Loading exploit code...
Download ZIP Password: eip
Source
Platform Nomisec
Type remote
Files 2
Stars 3
Forks 2
Last Push Feb 11, 2026
Authors
LucasM0ntes Lucas Montes (NiRoX)
Vulnerability
CVE-2026-1357
WPvivid Backup & Migration <0.9.123 - Unauthenticated RCE
CRITICAL
CVSS 9.8