CVE-2024-1383 in WPvivid Plugin
Summary
by MITRE • 03/13/2024
The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVE-2024-35664 is likely a duplicate of this issue.
Analysis
by VulDB Data Team • 04/12/2026
The WPvivid Backup for MainWP plugin is a widely used backup solution in the WordPress ecosystem, designed to manage backups across multiple WordPress sites from the MainWP dashboard. It automates backup operations and gives administrators tools to manage site data. The vulnerability in version 0.9.32 and earlier, however, lies in the plugin's handling of a user-supplied request parameter: inadequate input sanitization and output escaping in the plugin's code leave it open to reflected cross-site scripting.
The technical flaw manifests through the improper handling of the 'id' parameter within the plugin's request processing pipeline. When the plugin receives a request containing this parameter, it fails to properly sanitize the input before incorporating it into HTML responses. This insufficient validation allows attackers to inject malicious script code that gets executed in the context of a victim's browser when they navigate to a specially crafted URL. The reflected nature of this vulnerability means that the malicious script code is reflected back from the server to the user's browser without being stored on the server, making it particularly dangerous as it can be delivered through various attack vectors including email links, social media messages, or compromised websites.
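The following is an added illustration of the pattern the paragraph above describes; it is not WPvivid's code, and the handler names and sample inputs are constructed. It places a request value into an HTML attribute without escaping, then shows the hardened form that validates the type first and escapes on output. It is written in plain PHP so it runs stand-alone; inside a WordPress plugin the equivalent calls are absint() for the validation step and esc_attr() for the attribute-context escaping.

```php
<?php
// Added example, not the plugin's code. Hypothetical handler names;
// constructed sample input.

// Vulnerable pattern: the raw request value is concatenated into markup,
// so a value that closes the attribute and opens a <script> tag is
// reflected verbatim to the browser.
function render_vulnerable(array $query): string
{
    $id = $query['id'] ?? '';
    return '<input type="hidden" name="id" value="' . $id . '">';
}

// Hardened pattern: validate the type first (an id is expected to be a
// non-negative integer), then escape for the HTML attribute context.
// WordPress equivalents: absint() for the cast, esc_attr() for the escape.
function render_hardened(array $query): string
{
    $raw = $query['id'] ?? '';
    $id  = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false) {
        // Reject rather than reflect: unexpected input never reaches the page.
        return '<p>Invalid backup id.</p>';
    }
    // Escaping is applied even though the value is now numeric, so that a
    // later relaxation of the validation cannot reintroduce the injection.
    $safe = htmlspecialchars((string) $id, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="id" value="' . $safe . '">';
}

// Constructed samples: a benign id and a textbook attribute-breakout probe.
$samples = [
    ['id' => '42'],
    ['id' => '42"><script>alert(1)</script>'],
];

foreach ($samples as $q) {
    echo 'vulnerable: ' . render_vulnerable($q) . PHP_EOL;
    echo 'hardened:   ' . render_hardened($q) . PHP_EOL;
}
```

Run with `php reflect.php`: the vulnerable function emits the probe as live markup, while the hardened function returns the escaped numeric value for the benign sample and the rejection message for the probe. Validation and escaping are deliberately kept as two separate layers; if the parameter had to accept free-form text, the validation step would go away but the context-specific escaping on output would still be the control that prevents the reflected script from executing.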
The operational impact of this vulnerability extends beyond simple script execution: it provides a vector for follow-on attacks that compromise user sessions, steal sensitive information, or redirect users to malicious websites. Attackers can craft deceptive links that appear legitimate, tricking users into opening URLs that carry a payload for this XSS flaw. Once executed, the script runs in the victim's browser and can read cookies, session tokens, or other data accessible to the page, potentially allowing attackers to impersonate legitimate users and gain unauthorized access to their WordPress sites or MainWP dashboards. The issue is exploitable by unauthenticated attackers, meaning no prior credentials or access are required, which makes it particularly dangerous for plugin users.
Security professionals should note that this vulnerability is classified under CWE-79, the weakness category for Cross-Site Scripting. The issue also relates to ATT&CK technique T1566, which covers social engineering through malicious links and payloads designed to exploit web application vulnerabilities. Organizations using this plugin should immediately apply mitigations: update to the latest version in which the vulnerability has been patched, deploy a web application firewall to detect and block malicious payloads, and conduct security awareness training so users can recognize potentially malicious links. Additionally, administrators should consider Content Security Policy headers to limit the execution of unauthorized scripts, and monitor access logs for suspicious activity that might indicate exploitation attempts. Because the flaw is a reflected XSS issue, similar problems may exist in other parameters of the plugin, which warrants a comprehensive code review and security audit of the entire plugin codebase to identify and remediate additional vulnerabilities.
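The following is an added example of the log-monitoring and Content-Security-Policy recommendations above; it is not VulDB's or the plugin's code. It parses combined-format access log lines, extracts the 'id' query parameter after URL decoding, and flags any request whose id is not purely numeric, which is the expected shape for a backup id. The log lines, client addresses, and the admin page name in the sample URLs are all constructed placeholders, not the plugin's real endpoint.

```php
<?php
// Added example, not the plugin's or VulDB's code. Constructed log lines;
// the "page=EXAMPLE-PAGE" path is a placeholder, not the real endpoint.

// Apache/nginx combined log format: client, timestamp, request line, status.
const LOG_PATTERN =
    '/^(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>\S+) (?<target>\S+) \S+" (?<status>\d{3})/';

// Return the decoded 'id' query parameter from a request target, or null.
function id_param_from_target(string $target): ?string
{
    $query = parse_url($target, PHP_URL_QUERY);
    if (!is_string($query)) {
        return null;
    }
    parse_str($query, $params);   // parse_str percent-decodes the values
    return isset($params['id']) ? (string) $params['id'] : null;
}

// Flag requests whose id carries anything other than digits. Markup, quotes,
// event-handler names and javascript: URLs all fail this check, so one rule
// covers the whole family of reflected-XSS probes against a numeric field.
function flag_suspicious_requests(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        if (!preg_match(LOG_PATTERN, $line, $m)) {
            continue;                       // not a well-formed access line
        }
        $id = id_param_from_target($m['target']);
        if ($id === null || ctype_digit($id)) {
            continue;                       // no id, or a benign numeric id
        }
        $hits[] = ['ip' => $m['ip'], 'time' => $m['ts'], 'id' => $id];
    }
    return $hits;
}

// A restrictive CSP that blocks inline and third-party script execution.
// Test before deploying on wp-admin: WordPress core and many plugins rely
// on inline scripts, so this policy may need per-page nonces or relaxation.
function csp_header_value(): string
{
    return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'";
}

// Constructed sample log lines (RFC 5737 documentation addresses).
$lines = [
    '203.0.113.5 - - [13/Mar/2024:10:01:02 +0000] "GET /wp-admin/admin.php?page=EXAMPLE-PAGE&id=17 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [13/Mar/2024:10:01:07 +0000] "GET /wp-admin/admin.php?page=EXAMPLE-PAGE&id=17%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 9812 "-" "curl/8.0"',
    '198.51.100.9 - - [13/Mar/2024:10:01:09 +0000] "GET /wp-admin/admin.php?page=EXAMPLE-PAGE HTTP/1.1" 200 9812 "-" "curl/8.0"',
];

foreach (flag_suspicious_requests($lines) as $hit) {
    printf("suspicious id from %s at %s: %s%s", $hit['ip'], $hit['time'], $hit['id'], PHP_EOL);
}
echo 'Content-Security-Policy: ' . csp_header_value() . PHP_EOL;
```

On the sample above only the second line is reported, with its id decoded back to the `"><script>` form so an analyst sees what was actually sent. The allow-list check (digits only) is preferred over a deny-list of script keywords because it does not need updating as encoding tricks change; the same approach applies to any other parameter whose legitimate values have a fixed shape.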