Nearly a million WordPress websites could be at risk from this serious plugin security flaw

WPvivid Backup & Migration plugin allows for arbitrary file upload which can lead to remote code execution.
Security Boulevard

CVE-2026-1357: WordPress Plugin RCE Exposes Sites to Full Takeover

CVE-2026-1357 exposes a critical WordPress WPvivid plugin flaw, allowing unauthenticated RCE, enabling attackers to upload PHP files and fully compromise sites. The post CVE-2026-1357: WordPress ...

WordPress plugin with 900k installs vulnerable to critical RCE flaw

A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files ...
TechJuice

Critical WordPress Plugin Flaw Exposes 900,000+ Sites to Remote Code Execution

A critical remote code execution flaw in the WPvivid Backup & Migration WordPress plugin puts over 900,000 sites at risk unless patched.