Find notable cyber news and cases, enriched with sources, timelines, and signals.

WPvivid Backup & Migration plugin security update 0.9.124 (CVE-2026-1357)

Security Patch Release
First reported
Last updated
Happening score
H score 21
1 unique sources, 1 articles

Summary

Hide ▲

WPVividPlugins released version 0.9.124 on January 28 to fix CVE-2026-1357 in the WPvivid Backup & Migration plugin for WordPress. The patch closes a critical remote code execution path that could let attackers upload arbitrary files without authentication and potentially take over affected sites. It applies to plugin versions up to 0.9.123, and administrators should upgrade as soon as possible.

Related Happenings

Squid web proxy patch for CVE-2026-47729

Security Patch Release
H score20 First: 22.06.2026 17:29 Last: 22.06.2026 17:29 Sources 1

About this happening: **Squid maintainers** merged a **null-terminator check** for **CVE-2026-47729** into the **development branch** and **v7**, closing the FTP-parser over-read that could expose shar...

Gravity SMTP security patch release for CVE-2026-4020

Security Patch Release
H score16 First: 20.06.2026 12:56 Last: 20.06.2026 12:56 Sources 1

About this happening: **Gravity SMTP** released **version 2.1.5** to fix **CVE-2026-4020**, closing a **medium-severity information disclosure** flaw in the WordPress plugin. The patch addresses a bug...

F5 security patch release for CVE-2026-42530

Security Patch Release
H score39 First: 18.06.2026 20:32 Last: 18.06.2026 20:32 Sources 1

About this happening: **F5** released security updates for **NGINX Open Source** after finding **two critical vulnerabilities** that could lead to **remote code execution** on affected systems. The pat...

Everest Forms Pro plugin patch for CVE-2026-3300

Security Patch Release
H score43 First: 06.06.2026 17:09 Last: 06.06.2026 17:09 Sources 1

About this happening: The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...

Nginx security patch release for CVE-2026-49975

Security Patch Release
H score42 First: 03.06.2026 22:08 Last: 03.06.2026 22:08 Sources 1

About this happening: Vendors released fixes for the **HTTP/2 Bomb** DoS issue, closing a path that could let a **single client** exhaust server memory within seconds. The patch set covers **nginx 1.29...

Timeline

  1. 12.02.2026 19:09 1 articles · 4mo ago

    Vulnerability reported to Defiant

    Initial Disclosure

    Researcher Lucas Montes (NiRoX) reported a critical vulnerability in the WPvivid Backup & Migration plugin for WordPress to Defiant, starting the handling of CVE-2026-1357 as an unauthenticated arbitrary file upload flaw that could lead to remote code execution and site takeover.

    Show sources
  2. 12.02.2026 19:09 1 articles · 4mo ago

    Vendor notified after proof-of-concept validation

    Technical Analysis Update

    After validating the proof-of-concept exploit for CVE-2026-1357, Defiant notified WPVividPlugins about a critical flaw in the WPvivid Backup & Migration plugin that could permit arbitrary file upload without authentication and remote code execution.

    Show sources
  3. 12.02.2026 19:09 2 articles · 4mo ago

    Patch released in version 0.9.124

    Mitigation Patch Update

    WPVividPlugins released version 0.9.124 for the WPvivid Backup & Migration plugin, adding checks that stop execution if RSA decryption fails, sanitizing uploaded file names, and restricting uploads to allowed backup file types such as ZIP, GZ, TAR, and SQL.

    Show sources
  4. 12.02.2026 02:00 1 articles · 4mo ago

    Public disclosure of CVE-2026-1357

    Technical Analysis Update

    Public disclosure identified CVE-2026-1357 as a critical remote code execution flaw in the WPvivid Backup & Migration plugin for WordPress, affecting all versions up to 0.9.123 and posing higher risk to sites with the non-default receive backup from another site option enabled.

    Show sources