WordPress plugin with 900k installs vulnerable to critical RCE flaw
Bleeping Computer
by Bill ToulasFebruary 12, 2026
A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication.
Verticals
securitytech
Originally published on Bleeping Computer on 2/12/2026