Exploitation Summary
CVE-2022-2863 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack
Nuclei Templates (1)
WordPress WPvivid Backup <0.9.76 - Local File Inclusion
MEDIUMby tehtbl
References (3)
Core 3
Core References
Exploit, Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/Oct/0
Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/168616/WordPress-WPvivid-Backup-Path-Traversal.html
Exploit, Patch, Third Party Advisory
https://wpscan.com/vulnerability/cb6a3304-2166-47a0-a011-4dcacaa133e5
Scores
CVSS v3
4.9
EPSS
0.1767
EPSS Percentile
96.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
wpvivid/migration\,_backup\,_staging
< 0.9.76
Published
Sep 16, 2022
Tracked Since
Feb 18, 2026