Ostorlab: Mobile App Security Testing for Android and iOS

Tag

CVE

CVE-2026-1357: Unauthenticated RCE in WPvivid Backup Plugin

A technical breakdown of CVE-2026-1357, a CVSS 9.8 critical unauthenticated remote code execution vulnerability in the WPvivid Backup & Migration plugin (≤ 0.9.123). Two chained flaws, a cryptographic fail-open and an unsanitized path traversal, allow arbitrary file write and shell upload without credentials.

Mohammed Lachhab


            Fri 20 February 2026

Security

CVE-2024-5315 Dolibarr SQL Injection Investigation

CVE-2024-5315, an actively exploited Dolibarr SQL Injection with in incorrect patched-in version.

Youssef Badaoui


                  Sun 14 July 2024

Security

Known Exploitable Vulnerabilities: Catching them all

In this article we will Discover essential tools and empirical insights for identifying critical,...

Saad Mazouzi


                  Wed 10 January 2024

CVE

CVE-2026-1357: Unauthenticated RCE in WPvivid Backup Plugin

CVE-2024-5315 Dolibarr SQL Injection Investigation

Known Exploitable Vulnerabilities: Catching them all

Subscribe to the Ostorlab Newsletter