× EU ICT Risk Newsroom DORA News On the Horizon ΑΙ Cybersec Space Cyber Alerts GDPR News EU CERT Advisories ICT Governance ESA/NCAs Contact

Critical RCE flaw in WordPress plugin with 900k installs

Newsroom - 12 February 2026 - 19:09

A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication.

Critical RCE flaw in WordPress plugin with 900k installs

A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication.

WordPress RCE vulnerability plugin

Critical RCE flaw in WordPress plugin with 900k installs

A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication.

Subscribe for EU DORA and Banking ICT Risk news and insights