CVE-2025-12656EPSS p18.5%

CVE-2025-12656CVE-2025-12656

Description

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_site() function in all versions up to, and including, 0.9.128. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server, which leads to a loss of data.

Scoring

CVSS 3.8 ()
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
EPSS0.27% probability of exploitation · percentile 18.5% · 2026-06-19T12:03:05Z
Last modified2026-06-08

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-10058
CVE
CVE-2026-1357
CVE
CVE-2025-13322
CVE
CVE-2025-3055
CVE
CVE-2025-10916
CVE
CVE-2025-2007
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.