CVE-2026-1357 – WordPress WPvivid Backup & Migration Plugin Privilege Escalation Vulnerability
“This vulnerability exposes a critical weakness in a widely used WordPress backup plugin. If exploited, attackers could gain full administrative control and manipulate backup systems that protect website data.”
A security update was released to address a vulnerability in the WPvivid Backup & Migration plugin for WordPress, a popular tool used to create backups, migrate websites, and restore data. The issue affects how the plugin validates user permissions when handling certain operations. If left unpatched, attackers could exploit the weakness to gain elevated privileges within the WordPress environment.
CVE-2026-1357 carries a CVSS v3.1 score of 9.8 (Critical). The vulnerability stems from improper privilege validation that may allow attackers to escalate privileges and perform administrative actions without proper authorization. Successful exploitation could allow attackers to modify backup files, change plugin configurations, or take control of site management functions.
The issue was addressed through updates to the WPvivid Backup & Migration plugin, which strengthen permission validation and access control checks across affected functionality. No verified real-world exploitation or confirmed public proof-of-concept code has been reported for this vulnerability.
Key Details
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- CWE Classification: CWE-434