CVE-2022-0531— WPvivid Backup and Migration Plugin < 0.9.70 - Reflected Cross-Site Scripting

EPSS 0.29% · P52 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-0531

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

WPvivid Backup and Migration Plugin < 0.9.70 - Reflected Cross-Site Scripting

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

WordPress和WordPress plugin 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 WordPress Migration, Backup, Staging – WPvivid plugin存在跨站脚本漏洞，该漏洞是由于对 sub_page 参数中用户提供的数据的清理不充分而存在的。远程攻击者可以诱骗受害者跟踪特制链接，并在用户浏览器中在易受攻击的网站上下文中执行任意 HTML

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Unknown	Migration, Backup, Staging – WPvivid	0.9.70 ~ 0.9.70	-

II. Public POCs for CVE-2022-0531

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-0531

请登录查看更多情报信息。

Same Patch Batch · Unknown · 2022-04-11 · 23 CVEs total

CVE-2022-0840		Easy Social Icons < 3.2.1 - Admin+ Stored Cross-Site Scripting in add icon
CVE-2021-24986		Post Grid < 2.1.16 - Reflected Cross-Site Scripting via keyword
CVE-2021-24987		Super Socializer < 7.13.30 - Reflected Cross-Site Scripting
CVE-2021-25090		GridKit Portfolio < 2.1.0 - Subscriber+ Stored Cross-Site Scripting
CVE-2022-0246		iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip
CVE-2022-0271		LearnPress < 4.1.6 - Reflected Cross-Site Scripting
CVE-2022-0314		Nimble Page Builder < 3.2.2 - Reflected Cross-Site Scripting
CVE-2022-0447		Post Grid < 2.1.16 - Reflected Cross-Site Scripting via post_types
CVE-2022-0471		Favicon by RealFaviconGenerator < 1.3.23 - Reflected Cross-Site Scripting
CVE-2022-0728		Easy Smooth Scroll Links < 2.23.1 - Admin+ Stored Cross-Site Scripting
CVE-2022-0828		Download Manager < 3.2.39 - Unauthenticated brute force of files master key
CVE-2022-1023		Podcast Importer SecondLine < 1.3.8 - Admin+ SQLi
CVE-2022-0892		Export All URLs < 4.2 - Reflected Cross-Site Scripting
CVE-2022-0914		Export All URLs < 4.3 - Private/Draft Post/Page Title Disclosure via CSRF
CVE-2022-0919		Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure
CVE-2022-0920		Salon booking system < 7.6.3 - Customer+ Bookings/Customers Data Disclosure
CVE-2022-0949		WP Block and Stop Bad Bots < 6.930 - Unauthenticated SQLi
CVE-2022-0969		Image optimization & Lazy Load < 3.3.2 - Admin+ Stored Cross-Site Scripting
CVE-2022-0989		NS WooCommerce Watermark <= 2.11.3 - Abuse of Functionality
CVE-2022-1006		Advanced Booking Calendar < 1.7.1 - Admin+ SQLi

Showing top 20 of 23 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Migration, Backup, Staging – WPvivid

Same vendor: Unknown

Same weakness: CWE-79

V. Comments for CVE-2022-0531

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-0531— WPvivid Backup and Migration Plugin < 0.9.70 - Reflected Cross-Site Scripting

I. Basic Information for CVE-2022-0531

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-0531

III. Intelligence Information for CVE-2022-0531

Same Patch Batch · Unknown · 2022-04-11 · 23 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-0531

Leave a comment