Security News WordPress plugin with 900k installs vulnerable to critical RCE flaw BleepingComputer Daniel Bender 12 Feb 2026 A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication.
