CVE-2023-4274: 
WordPress vulnerability analysis and mitigation

The Migration, Backup, Staging – WPvivid plugin for WordPress (CVE-2023-4274) contains a Directory Traversal vulnerability affecting versions up to and including 0.9.89. This vulnerability was discovered and reported by Wordfence, with the initial CVE assignment date of August 9, 2023 (CVE MITRE).

The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and has received varying CVSS v3.1 severity ratings. The National Institute of Standards and Technology (NIST) assigned a base score of 6.5 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H, while Wordfence rated it at 8.7 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H (NVD).

The vulnerability allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server. This can be particularly critical in shared hosting environments where multiple websites or applications may be hosted on the same server (CVE MITRE).

Users should upgrade to version 0.9.90 or later of the WPvivid plugin, which contains the security fix for this vulnerability. A patch has been made available through the WordPress plugin repository (Wordpress Patch).