Security Advisory

CVE-2025-12654

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-21 03:20:05
Last updated 2026-04-08 16:57:56
Assigner Wordfence
State PUBLISHED

Description

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory creation in all versions up to, and including, 0.9.120. This is due to the check_filesystem_permissions() function not properly restricting the directories that can be created, or in what location. This makes it possible for authenticated attackers, with Administrator-level access and above, to create arbitrary directories.