Loading market data...
← Back to CVE feed

CVE-2025-12656

LOW CVSS 3.8 View on NVD ↗

Description

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_site() function in all versions up to, and including, 0.9.128. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server, which leads to a loss of data.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Published: Jun 06, 2026 00:16 UTC Modified: Jun 06, 2026 00:16 UTC