PLUGIN SECURITY
Is Wpvivid Backuprestore safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Wpvivid Backuprestore WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
wpvivid-backuprestore - Requires PHP: 5.3+
- Max supported PHP (analyzed): <8.0
Known vulnerabilities
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.71 [CVE-2021-24994, WordPress WPvivid Backup and Migration Plugin <= 0.9.68 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability, Migration, Backup, Staging – WPvivid <= 0.9.68 - Unauthenticated Stored Cross-Site Scripting, WPvivid Backup and Migration Plugin < 0.9.69 - Unauthenticated Stored Cross-Site Scripting]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.70 [CVE-2022-0531, WordPress Migration, Backup, Staging – WPvivid plugin <= 0.9.69 - Reflected Cross-Site Scripting (XSS) vulnerability, Migration, Backup, Staging – WPvivid <= 0.9.69 - Reflected Cross-Site Scripting via sub_page Parameter, WPvivid Backup and Migration Plugin < 0.9.70 - Reflected Cross-Site Scripting]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.71 [CVE-2022-27844, WordPress WPvivid plugin <= 0.9.70 - Arbitrary File Read vulnerability, Migration, Backup, Staging – WPvivid <= 0.9.70 - Authenticated Arbitrary File Read, WPvivid Backup and Migration Plugin < 0.9.71 - Admin+ Arbitrary File Download]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.53 [WordPress WPvivid Backup and Migration plugin <= 0.9.52 - SQL Injection (SQLi) vulnerability]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.36 [WordPress WPvivid Backup and Migration plugin <= 0.9.35 - Missing Authorization vulnerability leading to Database Leak]
+ 33 more known vulnerabilities
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.76 [CVE-2022-2442, WordPress WPvivid Backup Plugin <= 0.9.74 - Authenticated PHAR Deserialization vulnerability, Migration, Backup, Staging – WPvivid <= 0.9.74 - Authenticated (Admin+) PHAR Deserialization, WPvivid Backup < 0.9.75 - Admin+ PHAR Deserialization]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.77 [WordPress WPvivid Backup plugin 0.9.76 - Authenticated Arbitrary File Deletion vulnerability]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.76 [CVE-2022-2863, Migration, Backup, Staging – WPvivid <= 0.9.75 - Authenticated (Administrator+) Path Traversal, WPvivid Backup < 0.9.76 - Admin+ Arbitrary File Read]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.77 [WPvivid Backup 0.9.76 - Authenticated (Administrator+) Arbitrary File Deletion]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.76 [Migration, Backup, Staging – WPvivid <= 0.9.75 - Authenticated (Admin+) Directory Traversal]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.56 [Migration, Backup, Staging – WPvivid <= 0.9.55 - Reflected Cross-Site Scripting]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.36 [Migration, Backup, Staging – WPvivid <= 0.9.35 - Sensitive Information Disclosure]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.36 [Migration, Backup, Staging – WPvivid <= 0.9.35 - Authenticated (Subscriber+) Arbitrary File Upload]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.56 [WPvivid Backup < 0.9.56 - Reflected Cross-Site Scripting]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.77 [WPvivid Backup 0.9.76 - Admin+ Arbitrary File Deletion]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.36 [WPvivid Backup < 0.9.36 - Missing Authorization Leading To Database Leak]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.91 [WPvivid Backup Plugin <= 0.9.90 - Missing Authorization via 'start_staging' and 'get_staging_progress']
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.91 [Migration, Backup, Staging – WPvivid <= 0.9.90 - Authenticated(Administrator+) Stored Cross-Site Scripting]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.91 [CVE-2023-41243, WordPress WPvivid Backup and Migration Plugin <= 0.9.90 is vulnerable to Privilege Escalation, WPvivid Backup Plugin < 0.9.91 - Missing Authorization via 'start_staging' and 'get_staging_progress']
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.91 [WordPress WPvivid Backup and Migration Plugin <= 0.9.90 is vulnerable to Cross Site Scripting (XSS)]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.90 [CVE-2023-5121, Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated (Administrator+) Stored Cross-Site Scripting, WordPress WPvivid Backup and Migration Plugin <= 0.9.89 is vulnerable to Cross Site Scripting (XSS), Migration, Backup, Staging – WPvivid < 0.9.90 - Admin+ Stored XSS]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.90 [CVE-2023-4274, Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal, WordPress WPvivid Backup and Migration Plugin <= 0.9.89 is vulnerable to Arbitrary File Deletion, Migration, Backup, Staging – WPvivid < 0.9.90 - Admin+ Arbitrary Directory Deletion via Path Traversal]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.90 [CVE-2023-5120, Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated Stored Cross-Site Scripting, Migration, Backup, Staging – WPvivid < 0.9.90 - Admin+ Stored XSS]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.92 [CVE-2023-5576, Migration, Backup, Staging – WPvivid <= 0.9.91 - Google Drive Client Secret Exposure, WordPress WPvivid Backup and Migration Plugin <= 0.9.91 is vulnerable to Sensitive Data Exposure, Migration, Backup, Staging - WPvivid < 0.9.91 - Unauthenticated Sensitive Information Exposure]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.95 [CVE-2023-4637, WPvivid <= 0.9.94 - Missing Authorization, WordPress WPvivid Backup and Migration Plugin <= 0.9.94 is vulnerable to Broken Access Control, WPvivid < 0.9.95 - Missing Authorization]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.69 [CVE-2024-1982, WPvivid Backup and Migration <= 0.9.68 - Missing Authorization, WordPress WPvivid Backup and Migration Plugin <= 0.9.68 is vulnerable to Broken Access Control]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.69 [CVE-2024-1981, WPvivid Backup and Migration <= 0.9.68 - Unauthenticated SQL Injection, WordPress WPvivid Backup and Migration Plugin <= 0.9.68 is vulnerable to SQL Injection, WPvivid Backup and Migration < 0.9.69 - Unauthenticated SQLi & DoS]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.100 [CVE-2024-3054, WPvivid Backup & Migration Plugin <= 0.9.99 - Authenticated (Admin+) PHAR Deserialization, WordPress WPvivid Backup and Migration Plugin <= 0.9.99 is vulnerable to PHP Object Injection]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.106 [CVE-2024-7315, WordPress WPvivid Backup and Migration Plugin < 0.9.106 is vulnerable to Sensitive Data Exposure, Migration, Backup, Staging – WPvivid <= 0.9.105 - Sensitive Information Exposure]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.36 [CVE-2020-36835]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.36 [CVE-2020-36842]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.108 [CVE-2024-10962, Migration, Backup, Staging – WPvivid <= 0.9.107 - Unauthenticated PHP Object Injection, WordPress WPvivid Backup and Migration Plugin <= 0.9.107 is vulnerable to PHP Object Injection]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.107 [CVE-2024-56273, WordPress WPvivid Backup and Migration Plugin <= 0.9.106 is vulnerable to Broken Access Control, WPvivid Backup and Migration <= 0.9.106 - Missing Authorization, EUVD-2024-53070]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.113 [CVE-2024-13869, Migration, Backup, Staging – WPvivid <= 0.9.112 - Authenticated (Admin+) Arbitrary File Upload via wpvivid_upload_file, EUVD-2025-4422]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.117 [CVE-2025-5961, Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload, EUVD-2025-19880]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.121 [CVE-2025-12654, Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.120 - Authenticated (Admin+) Arbitrary Directory Creation, EUVD-2025-204659]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.124 [CVE-2026-1357, Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload]
- WPvivid — Backup, Migration & Staging [wpvivid-backuprestore] < 0.9.129 [CVE-2025-12656, Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.128 - Authenticated (Admin+) Arbitrary Directory Deletion, EUVD-2025-210080, Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.128 - Authenticated (Admin+) Arbitrary Directory Deletion]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- All-in-One WP Migration and Backup — 5000000+ active installs — max PHP <8.0
- UpdraftPlus: WP Backup & Migration Plugin — 3000000+ active installs — max PHP <8.0
- Jetpack – WP Security, Backup, Speed, & Growth — 3000000+ active installs
- Yoast Duplicate Post — 3000000+ active installs — max PHP 8.4
- Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More — 1000000+ active installs — max PHP <8.0
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.