Summary
WPvivid Backup & Migration plugin for WordPress patched a critical RCE vulnerability (CVE-2026-1357) that allows unauthenticated attackers to upload malicious PHP files via predictable cryptographic keys.
Take Action:
If you are using WPvivid plugin, update to version 0.9.124 ASAP. If you cannot update right away, ensure the 'receive backup from another site' feature is disabled to close the primary attack vector.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)