Critical WordPress Backup Plugin Flaw Leaves 800,000 Sites Exposed to Remote Code Execution

Fri Feb 13 2026

Vulnerability

cyberpress.org

A critical vulnerability in the WPvivid Backup plugin exposes over 800,000 WordPress sites to unauthenticated remote code execution. Discovered via Wordfence’s Bug Bounty Program, this flaw allows attackers to upload malicious files when sites enable a specific backup transfer feature. The WPvivid Backup & Migration plugin, known as Migration, Backup, and Staging, suffers from an […] The post Critical WordPress Backup Plugin Flaw Leaves 800,000 Sites Exposed to Remote Code Execution appeared first on Cyber Security News.