Ostorlab: Mobile App Security Testing for Android and iOS

Tag

wordpress

CVE-2026-1357: Unauthenticated RCE in WPvivid Backup Plugin

A technical breakdown of CVE-2026-1357, a CVSS 9.8 critical unauthenticated remote code execution vulnerability in the WPvivid Backup & Migration plugin (≤ 0.9.123). Two chained flaws, a cryptographic fail-open and an unsanitized path traversal, allow arbitrary file write and shell upload without credentials.

Mohammed Lachhab


            Fri 20 February 2026

Product

AI-automated Attack surface, Privacy Analysis, Wordpress agent, and more.

Ostorlab's January 2025 update introduces AI-powered attack surface discovery and improves IDE pe...

Ostorlab Team


                  Mon 20 January 2025

Security

Deep Dive: Stored XSS Vulnerability in LiteSpeed Cache Plugin for WordPress (CVE-2024-47374)

An in-depth look at the CVE-2024-47374 vulnerability affecting LiteSpeed Cache plugin for WordPre...

Nour Eddine Masdoufi


                  Thu 10 October 2024

wordpress

CVE-2026-1357: Unauthenticated RCE in WPvivid Backup Plugin

AI-automated Attack surface, Privacy Analysis, Wordpress agent, and more.

Deep Dive: Stored XSS Vulnerability in LiteSpeed Cache Plugin for WordPress (CVE-2024-47374)

Subscribe to the Ostorlab Newsletter