CVEPublished 2023-10-20Modified 2026-04-081 article on news6 live referencesNVD data

CVE-2023-5576Wpvivid · Migration\,_backup\,_staging

Vulnerability data via NVD (ingested)

CVSS v3.1
8.0
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS percentile
76
Exploit Prediction Scoring System · top 24% of all CVEs
Description

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Drive account via the API if they can trick a user into reauthenticating via another vulnerability or social engineering.

Timeline
Published 2023-10-20
Modified 2026-04-08

External references

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

More intel sources (5)

Known PoCs on GitHub

No public proof-of-concept repositories found for CVE-2023-5576 on GitHub.