Critical WordPress Plugin Flaw Lets Hackers Take Over Sites Without Login
A high-severity bug in a popular backup tool opens the door to remote code execution.

Vulnerability Overview
A critical weakness in the WPvivid Backup & Migration plugin could allow attackers to upload arbitrary files and execute code without authentication. The issue carries the identifier CVE-2026-1357 and received a severity score of 9.8.
More than 900,000 WordPress websites run the plugin. Successful exploitation could lead to a full site takeover.
Who Is Truly at Risk
Researchers at Defiant clarified that the most severe impact appears when administrators enable the “receive backup from another site” option.
This setting is not active by default. However, many teams temporarily switch it on during migrations or hosting changes. That operational reality increases the likelihood of exposure.
Attackers also face a timing constraint. They must use a generated transfer key within a 24-hour window.
How the Exploit Works
Security researcher Lucas Montes (NiRoX) reported the flaw in January.
The vulnerability combines two major weaknesses.
First, the plugin mishandled cryptographic errors. When RSA decryption failed, it did not stop; execution continued, and the failed output was treated as predictable data, which attackers could abuse to craft payloads the site would accept.
Second, the upload process lacked proper filename sanitization. This gap enabled directory traversal, allowing malicious files to land outside the intended path. Attackers could then place rogue PHP scripts and trigger remote execution.
Patch Released
After validating the proof of concept, Defiant notified the vendor, WPVividPlugins.
The company released version 0.9.124 within days. The update:
- Stops execution when decryption fails
- Sanitizes filenames
- Restricts uploads to approved backup formats such as ZIP, GZ, TAR, and SQL
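The three changes listed above, sketched as an added PHP example (not WPvivid's code and not taken from the patch). The function names, the OAEP padding choice and the allowed file-name characters are assumptions, and the demo input at the bottom is constructed.

```php
<?php
// Added example, not WPvivid's code; names, padding and charset are assumed.
const APPROVED_EXT = ['zip', 'gz', 'tar', 'sql'];

// Fix 1: stop when RSA decryption fails; never use the failed output as a key.
function unwrap_key(string $wrapped, $privateKey): string
{
    $key = null;
    $ok = openssl_private_decrypt($wrapped, $key, $privateKey, OPENSSL_PKCS1_OAEP_PADDING);
    if ($ok !== true || !is_string($key) || $key === '') {
        throw new RuntimeException('key decryption failed, upload rejected');
    }
    return $key;
}

// Fixes 2 and 3: accept only a bare file name with an approved extension.
function safe_target(string $destDir, string $clientName): string
{
    // No slashes, backslashes, NUL bytes or other separators get through.
    if (!preg_match('/\A[A-Za-z0-9._-]+\z/', $clientName)) {
        throw new InvalidArgumentException('unsafe file name');
    }
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, APPROVED_EXT, true)) {
        throw new InvalidArgumentException('not an approved backup format');
    }
    $base = realpath($destDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('destination directory missing');
    }
    return $base . DIRECTORY_SEPARATOR . $clientName;
}

// Constructed demo input: a throwaway key pair and made-up file names.
$priv = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($priv === false) {
    exit("could not generate demo key\n");
}
try {
    unwrap_key(random_bytes(256), $priv); // garbage instead of a wrapped key
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
foreach (['site-backup.zip', 'db.sql', '../../x.php', 'note.php', '..'] as $name) {
    try {
        echo 'accepted: ', safe_target(sys_get_temp_dir(), $name), "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $name (", $e->getMessage(), ")\n";
    }
}
```

Each check throws instead of returning a fallback value, so a failed decryption or a rejected name ends the request before anything is written to disk.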
Why This Matters Beyond One Plugin
Backup and migration tools usually operate with elevated privileges. Therefore, weaknesses in these components often provide attackers with direct administrative reach.
Even temporary configuration changes can open high-risk windows. Many compromises occur during these short operational periods.
What Administrators Should Do Now
Website owners should update immediately to the patched version. Additionally, they should review logs for unexpected uploads or unfamiliar files in web directories.
If the feature was enabled recently, assume attackers may have scanned for it.
Bigger Takeaway
Modern attackers move fast. They monitor disclosures, build automation, and hunt for unpatched systems within hours.
Strong patch governance and visibility into temporary exposure windows now matter as much as perimeter defenses.