WPvivid — Backup, Migration & Staging

Slug: wpvivid-backuprestore · wpvividplugins · 900,000+

Actively maintained

Overall Score

Some areas need attention

Needs Review

What this score means

Scores are calculated on a 100-point scale by analysing six weighted categories: Security, WP.org Readiness, Performance, Code Quality, Accessibility, and Vulnerabilities. Open vulnerabilities are weighted by severity, CVSS, and patch availability, and incomplete source data can reduce confidence slightly.

Excellent The plugin follows best practices across every measured category. It is well-maintained, low-risk, and recommended for production use.
Good Strong overall quality with minor areas for improvement. Generally safe to use on most sites.
Needs Review Some areas of concern detected. Review the full issues report and weigh the risks before installing on production.
High Risk Significant quality or security problems found. Exercise caution — check the details carefully before using this plugin.

Score computed: May 24, 2026 9:44 pm (2 weeks ago). Vulnerability data mode: Live.
High confidence (100/100) based on metadata completeness and vulnerability evidence quality.
Open vulnerabilities are weighted by severity, CVSS, and patch availability, then adjusted slightly when the source data is incomplete.

Wordfence: June 10, 2026 4:46 am (17 minutes ago)

No known open vulnerabilities found.

Score Breakdown

Shield

Security

High Risk

Why this score?

Top deductions are based on 2 affected rules, reducing this category by 226 total points.

Rule	Hits	Impact	Share
Security issue: Warning	54	-216	95.6%
Security issue: Error	1	-10	4.4%

WP.org Readiness

Excellent

Why this score?

Top deductions are based on 3 affected rules, reducing this category by 10 total points.

Rule	Hits	Impact	Share
Repo issue: Notice	4	-4	40%
Repo issue: Warning	1	-3	30%
Tested up to version is behind current WordPress	1	-3	30%

Speed

Performance

Excellent

Why this score?

Top deductions are based on 1 affected rules, reducing this category by 3 total points.

Rule	Hits	Impact	Share
Performance issue: Warning	1	-3	100%

Code

Code Quality

Excellent

Why this score?

Top deductions are based on 2 affected rules, reducing this category by 6 total points.

Rule	Hits	Impact	Share
Code Quality issue: Notice	3	-3	50%
Code Quality issue: Warning	1	-3	50%

A11y

Accessibility

High Risk

Why this score?

Top deductions are based on 2 affected rules, reducing this category by 56 total points.

Rule	Hits	Impact	Share
Accessibility issue: Warning	22	-44	78.6%
Accessibility issue: Notice	12	-12	21.4%

Bug

Vulnerability Status

100

Excellent

Why this score?

Top deductions are based on 0 affected rules, reducing this category by 0 total points.

No deductions were applied for this category in the latest score run.

Plugin Details

Version: 0.9.127
Active Installs: 900,000+
Last Updated: 2026-05-14 00:41:00
Tested up to: 6.9.4
Requires PHP: 5.3
Rating: 4.9/5 (1,482 ratings)
Support: 4/9 resolved (44%)
View on WordPress.org
Download Plugin

Scan Summary

Errors: 1
Warnings: 79
Notices: 19
Last Scanned: 2026-05-24 20:44:36
Score confidence: 100/100

Scans are performed automatically once per day, and the report will note when source data is stale or incomplete.

What Changed Since Last Scan

Run at least two completed scans to view issue deltas.

Detected Issues

Severity	Category	Message	File	Fix Guidance
NOTICE	REPO	Plugin is still at pre-release version 0.9.127.		Quick Set a stable semantic version once production readiness is confirmed. Moderate Define release criteria and changelog quality gates before promoting stable tags. Advanced Adopt automated release orchestration with semantic version enforcement and rollback plans.
ERROR	SECURITY	Declared minimum PHP 5.3 is end-of-life and has known unpatched security vulnerabilities.		Quick Raise minimum PHP requirement to at least 8.1 and update plugin metadata. Moderate Refactor incompatible code paths and remove legacy polyfills tied to EOL PHP. Advanced Continuously test and enforce supported PHP baselines via CI and release policy.
WARNING	SECURITY	Declared minimum WordPress 4.5 is very outdated and lacks modern security APIs.		Quick Raise minimum WordPress version to a modern supported release. Moderate Replace deprecated APIs and confirm compatibility across current WordPress branches. Advanced Run multi-version WordPress integration tests in CI and block unsupported API usage.
WARNING	CODE_QUALITY	Support thread resolution rate is below 50% (44% resolved).		Quick Close out older threads and improve response consistency on active issues. Moderate Build a documented support process with priority levels and escalation paths. Advanced Integrate support analytics and staffing forecasts to sustain healthy resolution rates.
WARNING	REPO	Main plugin file does not declare a Text Domain header.	a-wpvivid-restore-mu-plugin-check.php	Quick Add a Text Domain header so translation tooling and WordPress.org can identify the plugin textdomain. Moderate Apply the same remediation pattern across repo findings and re-scan to confirm warning issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
NOTICE	REPO	Main plugin file does not declare a Domain Path header.	a-wpvivid-restore-mu-plugin-check.php	Quick Add a Domain Path header if language files are stored in a languages directory. Moderate Apply the same remediation pattern across repo findings and re-scan to confirm notice issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
WARNING	SECURITY	Main plugin file does not appear to guard direct access with an ABSPATH check.	a-wpvivid-restore-mu-plugin-check.php	Quick Add an ABSPATH guard near the top of the main plugin file to prevent direct execution. Moderate Apply the same remediation pattern across security findings and re-scan to confirm warning issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
NOTICE	REPO	Plugin package does not include a license file.		Quick Add a LICENSE or COPYING file so distribution terms are explicit. Moderate Apply the same remediation pattern across repo findings and re-scan to confirm notice issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	admin/class-wpvivid-admin.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
WARNING	SECURITY	Raw superglobal access detected.	admin/partials/wpvivid-admin-display.php	Quick Wrap direct request values with sanitization and nonce verification in the affected code path. Moderate Centralize request normalization in helper methods so handlers consume validated input only. Advanced Adopt typed request DTOs and automated security lint checks for unsanitized superglobal access.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	admin/partials/wpvivid-schedule-page-display.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	admin/partials/wpvivid-backup-restore-page-display.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
NOTICE	ACCESSIBILITY	Clickable div/span markup detected.	admin/partials/wpvivid-backup-restore-page-display.php	Quick Replace clickable div/span elements with semantic button or link elements. Moderate Standardize interactive UI patterns in shared components with keyboard and focus support. Advanced Create accessibility component standards and enforce them with UI linting and automated tests.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	admin/partials/wpvivid-remote-storage-page-display.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/class-wpvivid-db-method.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/staging/class-wpvivid-staging-sites-list.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
NOTICE	ACCESSIBILITY	Clickable div/span markup detected.	includes/staging/class-wpvivid-staging-sites-list.php	Quick Replace clickable div/span elements with semantic button or link elements. Moderate Standardize interactive UI patterns in shared components with keyboard and focus support. Advanced Create accessibility component standards and enforce them with UI linting and automated tests.
NOTICE	ACCESSIBILITY	Clickable div/span markup detected.	includes/staging/class-wpvivid-staging-ui-display.php	Quick Replace clickable div/span elements with semantic button or link elements. Moderate Standardize interactive UI patterns in shared components with keyboard and focus support. Advanced Create accessibility component standards and enforce them with UI linting and automated tests.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/staging/class-wpvivid-staging-log-page.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/staging/class-wpvivid-staging-create-ui-display.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/staging/class-wpvivid-fresh-install-create-ui-display.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	SECURITY	Use of unserialize() detected.	includes/staging/class-wpvivid-staging-copy-db-ex.php	Quick Switch the flagged payload to JSON decoding where practical. Moderate If serialization is required, enforce allowed_classes=false and strict input validation before parsing. Advanced Move state transfer to signed/typed schemas and add security tests for malformed payloads.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/staging/class-wpvivid-staging-copy-db-ex.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/staging/class-wpvivid-staging-create-new-wp.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	SECURITY	Raw superglobal access detected.	includes/staging/class-wpvivid-staging.php	Quick Wrap direct request values with sanitization and nonce verification in the affected code path. Moderate Centralize request normalization in helper methods so handlers consume validated input only. Advanced Adopt typed request DTOs and automated security lint checks for unsanitized superglobal access.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/staging/class-wpvivid-staging.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	PERFORMANCE	flush_rewrite_rules() detected.	includes/staging/class-wpvivid-staging.php	Quick Only flush rewrite rules during activation or explicit maintenance flows. Moderate Apply the same remediation pattern across performance findings and re-scan to confirm warning issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
NOTICE	CODE_QUALITY	Legacy mysql_* function detected.	includes/class-wpvivid-additional-db-method.php	Quick Use WordPress database APIs or mysqli/PDO-based abstractions instead of deprecated mysql_* calls. Moderate Apply the same remediation pattern across code quality findings and re-scan to confirm notice issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
WARNING	SECURITY	Use of base64_decode() detected.	includes/customclass/class-wpvivid-one-drive.php	Quick Ensure any encoded payloads are necessary, documented, and never used to obscure executable logic. Moderate Apply the same remediation pattern across security findings and re-scan to confirm warning issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
WARNING	SECURITY	Raw superglobal access detected.	includes/customclass/class-wpvivid-one-drive.php	Quick Wrap direct request values with sanitization and nonce verification in the affected code path. Moderate Centralize request normalization in helper methods so handlers consume validated input only. Advanced Adopt typed request DTOs and automated security lint checks for unsanitized superglobal access.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/customclass/class-wpvivid-one-drive.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
NOTICE	ACCESSIBILITY	Clickable div/span markup detected.	includes/customclass/class-wpvivid-one-drive.php	Quick Replace clickable div/span elements with semantic button or link elements. Moderate Standardize interactive UI patterns in shared components with keyboard and focus support. Advanced Create accessibility component standards and enforce them with UI linting and automated tests.
WARNING	SECURITY	Use of base64_decode() detected.	includes/customclass/class-wpvivid-ftpclass.php	Quick Ensure any encoded payloads are necessary, documented, and never used to obscure executable logic. Moderate Apply the same remediation pattern across security findings and re-scan to confirm warning issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/customclass/class-wpvivid-ftpclass.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
NOTICE	ACCESSIBILITY	Clickable div/span markup detected.	includes/customclass/class-wpvivid-ftpclass.php	Quick Replace clickable div/span elements with semantic button or link elements. Moderate Standardize interactive UI patterns in shared components with keyboard and focus support. Advanced Create accessibility component standards and enforce them with UI linting and automated tests.
WARNING	SECURITY	Use of base64_decode() detected.	includes/customclass/class-wpvivid-amazons3-plus.php	Quick Ensure any encoded payloads are necessary, documented, and never used to obscure executable logic. Moderate Apply the same remediation pattern across security findings and re-scan to confirm warning issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/customclass/class-wpvivid-amazons3-plus.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
NOTICE	ACCESSIBILITY	Clickable div/span markup detected.	includes/customclass/class-wpvivid-amazons3-plus.php	Quick Replace clickable div/span elements with semantic button or link elements. Moderate Standardize interactive UI patterns in shared components with keyboard and focus support. Advanced Create accessibility component standards and enforce them with UI linting and automated tests.
WARNING	SECURITY	Use of base64_decode() detected.	includes/customclass/class-wpvivid-sftpclass.php	Quick Ensure any encoded payloads are necessary, documented, and never used to obscure executable logic. Moderate Apply the same remediation pattern across security findings and re-scan to confirm warning issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/customclass/class-wpvivid-sftpclass.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
NOTICE	ACCESSIBILITY	Clickable div/span markup detected.	includes/customclass/class-wpvivid-sftpclass.php	Quick Replace clickable div/span elements with semantic button or link elements. Moderate Standardize interactive UI patterns in shared components with keyboard and focus support. Advanced Create accessibility component standards and enforce them with UI linting and automated tests.
WARNING	SECURITY	Raw superglobal access detected.	includes/customclass/class-wpvivid-dropbox.php	Quick Wrap direct request values with sanitization and nonce verification in the affected code path. Moderate Centralize request normalization in helper methods so handlers consume validated input only. Advanced Adopt typed request DTOs and automated security lint checks for unsanitized superglobal access.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/customclass/class-wpvivid-dropbox.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
NOTICE	ACCESSIBILITY	Clickable div/span markup detected.	includes/customclass/class-wpvivid-dropbox.php	Quick Replace clickable div/span elements with semantic button or link elements. Moderate Standardize interactive UI patterns in shared components with keyboard and focus support. Advanced Create accessibility component standards and enforce them with UI linting and automated tests.
NOTICE	CODE_QUALITY	Short PHP opening tags or inline template tags may reduce compatibility across environments.	includes/customclass/class-wpvivid-s3.php	Quick Prefer full <?php opening tags for maximum portability. Moderate Apply the same remediation pattern across code quality findings and re-scan to confirm notice issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
WARNING	SECURITY	Use of base64_decode() detected.	includes/customclass/class-wpvivid-s3compat.php	Quick Ensure any encoded payloads are necessary, documented, and never used to obscure executable logic. Moderate Apply the same remediation pattern across security findings and re-scan to confirm warning issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/customclass/class-wpvivid-s3compat.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
NOTICE	ACCESSIBILITY	Clickable div/span markup detected.	includes/customclass/class-wpvivid-s3compat.php	Quick Replace clickable div/span elements with semantic button or link elements. Moderate Standardize interactive UI patterns in shared components with keyboard and focus support. Advanced Create accessibility component standards and enforce them with UI linting and automated tests.
WARNING	SECURITY	Use of base64_decode() detected.	includes/customclass/class-wpvivid-send-to-site.php	Quick Ensure any encoded payloads are necessary, documented, and never used to obscure executable logic. Moderate Apply the same remediation pattern across security findings and re-scan to confirm warning issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
WARNING	SECURITY	Raw superglobal access detected.	includes/customclass/class-wpvivid-send-to-site.php	Quick Wrap direct request values with sanitization and nonce verification in the affected code path. Moderate Centralize request normalization in helper methods so handlers consume validated input only. Advanced Adopt typed request DTOs and automated security lint checks for unsanitized superglobal access.
WARNING	SECURITY	Use of base64_decode() detected.	includes/customclass/class-wpvivid-google-drive.php	Quick Ensure any encoded payloads are necessary, documented, and never used to obscure executable logic. Moderate Apply the same remediation pattern across security findings and re-scan to confirm warning issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
WARNING	SECURITY	Raw superglobal access detected.	includes/customclass/class-wpvivid-google-drive.php	Quick Wrap direct request values with sanitization and nonce verification in the affected code path. Moderate Centralize request normalization in helper methods so handlers consume validated input only. Advanced Adopt typed request DTOs and automated security lint checks for unsanitized superglobal access.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/customclass/class-wpvivid-google-drive.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
NOTICE	ACCESSIBILITY	Clickable div/span markup detected.	includes/customclass/class-wpvivid-google-drive.php	Quick Replace clickable div/span elements with semantic button or link elements. Moderate Standardize interactive UI patterns in shared components with keyboard and focus support. Advanced Create accessibility component standards and enforce them with UI linting and automated tests.
WARNING	SECURITY	Use of base64_decode() detected.	includes/customclass/class-wpvivid-base-dropbox.php	Quick Ensure any encoded payloads are necessary, documented, and never used to obscure executable logic. Moderate Apply the same remediation pattern across security findings and re-scan to confirm warning issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/class-wpvivid-backuplist.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/class-wpvivid-mysqldump.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/class-wpvivid-mail-report.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
WARNING	SECURITY	Raw superglobal access detected.	includes/class-wpvivid.php	Quick Wrap direct request values with sanitization and nonce verification in the affected code path. Moderate Centralize request normalization in helper methods so handlers consume validated input only. Advanced Adopt typed request DTOs and automated security lint checks for unsanitized superglobal access.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/class-wpvivid.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/class-wpvivid.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
NOTICE	ACCESSIBILITY	Clickable div/span markup detected.	includes/class-wpvivid.php	Quick Replace clickable div/span elements with semantic button or link elements. Moderate Standardize interactive UI patterns in shared components with keyboard and focus support. Advanced Create accessibility component standards and enforce them with UI linting and automated tests.
WARNING	SECURITY	Use of unserialize() detected.	includes/class-wpvivid-importer.php	Quick Switch the flagged payload to JSON decoding where practical. Moderate If serialization is required, enforce allowed_classes=false and strict input validation before parsing. Advanced Move state transfer to signed/typed schemas and add security tests for malformed payloads.
WARNING	SECURITY	Raw superglobal access detected.	includes/class-wpvivid-importer.php	Quick Wrap direct request values with sanitization and nonce verification in the affected code path. Moderate Centralize request normalization in helper methods so handlers consume validated input only. Advanced Adopt typed request DTOs and automated security lint checks for unsanitized superglobal access.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/class-wpvivid-importer.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/class-wpvivid-importer.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
WARNING	SECURITY	Raw superglobal access detected.	includes/new_backup/class-wpvivid-restore2.php	Quick Wrap direct request values with sanitization and nonce verification in the affected code path. Moderate Centralize request normalization in helper methods so handlers consume validated input only. Advanced Adopt typed request DTOs and automated security lint checks for unsanitized superglobal access.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/new_backup/class-wpvivid-restore2.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/new_backup/class-wpvivid-restore-db-method-2.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	SECURITY	Use of unserialize() detected.	includes/new_backup/class-wpvivid-restore-db-2.php	Quick Switch the flagged payload to JSON decoding where practical. Moderate If serialization is required, enforce allowed_classes=false and strict input validation before parsing. Advanced Move state transfer to signed/typed schemas and add security tests for malformed payloads.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/new_backup/class-wpvivid-restore-db-2.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	SECURITY	Use of base64_decode() detected.	includes/new_backup/class-wpvivid-backup2.php	Quick Ensure any encoded payloads are necessary, documented, and never used to obscure executable logic. Moderate Apply the same remediation pattern across security findings and re-scan to confirm warning issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/new_backup/class-wpvivid-mysqldump2.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	SECURITY	Raw superglobal access detected.	includes/class-wpvivid-exporter.php	Quick Wrap direct request values with sanitization and nonce verification in the affected code path. Moderate Centralize request normalization in helper methods so handlers consume validated input only. Advanced Adopt typed request DTOs and automated security lint checks for unsanitized superglobal access.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/class-wpvivid-exporter.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
NOTICE	CODE_QUALITY	Short PHP opening tags or inline template tags may reduce compatibility across environments.	includes/class-wpvivid-exporter.php	Quick Prefer full <?php opening tags for maximum portability. Moderate Apply the same remediation pattern across code quality findings and re-scan to confirm notice issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/class-wpvivid-exporter.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/upload-cleaner/class-wpvivid-isolate-files.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	SECURITY	Raw superglobal access detected.	includes/upload-cleaner/class-wpvivid-uploads-cleaner.php	Quick Wrap direct request values with sanitization and nonce verification in the affected code path. Moderate Centralize request normalization in helper methods so handlers consume validated input only. Advanced Adopt typed request DTOs and automated security lint checks for unsanitized superglobal access.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/upload-cleaner/class-wpvivid-uploads-cleaner.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
WARNING	SECURITY	Use of unserialize() detected.	includes/upload-cleaner/class-wpvivid-uploads-scanner.php	Quick Switch the flagged payload to JSON decoding where practical. Moderate If serialization is required, enforce allowed_classes=false and strict input validation before parsing. Advanced Move state transfer to signed/typed schemas and add security tests for malformed payloads.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/upload-cleaner/class-wpvivid-uploads-scanner.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/class-wpvivid-tab-page-container.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/snapshot/class-wpvivid-snapshot.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/snapshot/class-wpvivid-snapshot-options.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	SECURITY	Direct database query detected without an immediately visible $wpdb->prepare() wrapper.	includes/snapshot/class-wpvivid-snapshot-function.php	Quick Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query. Moderate Refactor repeated SQL into repository/helper methods that enforce prepared statements by default. Advanced Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
WARNING	SECURITY	Raw superglobal access detected.	includes/class-wpvivid-export-import.php	Quick Wrap direct request values with sanitization and nonce verification in the affected code path. Moderate Centralize request normalization in helper methods so handlers consume validated input only. Advanced Adopt typed request DTOs and automated security lint checks for unsanitized superglobal access.
WARNING	ACCESSIBILITY	Image markup without an alt attribute detected.	includes/class-wpvivid-export-import.php	Quick Add alt attributes to the flagged image tags, or alt="" for decorative images. Moderate Audit all templates/components for missing alternative text and update content guidelines. Advanced Integrate accessibility testing in CI (axe/pa11y) and block releases with critical a11y violations.
NOTICE	ACCESSIBILITY	Clickable div/span markup detected.	includes/class-wpvivid-export-import.php	Quick Replace clickable div/span elements with semantic button or link elements. Moderate Standardize interactive UI patterns in shared components with keyboard and focus support. Advanced Create accessibility component standards and enforce them with UI linting and automated tests.
WARNING	SECURITY	Use of base64_decode() detected.	includes/lib/google-api-php-client/src/Google/Client.php	Quick Ensure any encoded payloads are necessary, documented, and never used to obscure executable logic. Moderate Apply the same remediation pattern across security findings and re-scan to confirm warning issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
WARNING	SECURITY	Use of unserialize() detected.	includes/lib/aws-sdk-php-2.8.31/src/Aws/Common/Model/MultipartUpload/AbstractUploadId.php	Quick Switch the flagged payload to JSON decoding where practical. Moderate If serialization is required, enforce allowed_classes=false and strict input validation before parsing. Advanced Move state transfer to signed/typed schemas and add security tests for malformed payloads.
WARNING	SECURITY	Use of unserialize() detected.	includes/lib/aws-sdk-php-2.8.31/src/Aws/Common/Model/MultipartUpload/AbstractTransferState.php	Quick Switch the flagged payload to JSON decoding where practical. Moderate If serialization is required, enforce allowed_classes=false and strict input validation before parsing. Advanced Move state transfer to signed/typed schemas and add security tests for malformed payloads.
WARNING	SECURITY	Use of unserialize() detected.	includes/lib/aws-sdk-php-2.8.31/src/Aws/Common/Model/MultipartUpload/AbstractUploadPart.php	Quick Switch the flagged payload to JSON decoding where practical. Moderate If serialization is required, enforce allowed_classes=false and strict input validation before parsing. Advanced Move state transfer to signed/typed schemas and add security tests for malformed payloads.
WARNING	SECURITY	Use of unserialize() detected.	includes/lib/aws-sdk-php-2.8.31/src/Aws/Common/Credentials/Credentials.php	Quick Switch the flagged payload to JSON decoding where practical. Moderate If serialization is required, enforce allowed_classes=false and strict input validation before parsing. Advanced Move state transfer to signed/typed schemas and add security tests for malformed payloads.
WARNING	SECURITY	Use of unserialize() detected.	includes/lib/aws-sdk-php-2.8.31/src/Aws/Common/Credentials/RefreshableInstanceProfileCredentials.php	Quick Switch the flagged payload to JSON decoding where practical. Moderate If serialization is required, enforce allowed_classes=false and strict input validation before parsing. Advanced Move state transfer to signed/typed schemas and add security tests for malformed payloads.
WARNING	SECURITY	Use of unserialize() detected.	includes/lib/aws-sdk-php-2.8.31/src/Aws/Common/Credentials/AbstractCredentialsDecorator.php	Quick Switch the flagged payload to JSON decoding where practical. Moderate If serialization is required, enforce allowed_classes=false and strict input validation before parsing. Advanced Move state transfer to signed/typed schemas and add security tests for malformed payloads.
WARNING	SECURITY	Use of unserialize() detected.	includes/lib/aws-sdk-php-2.8.31/src/Aws/Common/Credentials/NullCredentials.php	Quick Switch the flagged payload to JSON decoding where practical. Moderate If serialization is required, enforce allowed_classes=false and strict input validation before parsing. Advanced Move state transfer to signed/typed schemas and add security tests for malformed payloads.
WARNING	SECURITY	Use of base64_decode() detected.	includes/lib2/google-api-php-client/src/WPvivid/Google/Client.php	Quick Ensure any encoded payloads are necessary, documented, and never used to obscure executable logic. Moderate Apply the same remediation pattern across security findings and re-scan to confirm warning issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
NOTICE	REPO	Translation functions are present, but no textdomain loader was detected.		Quick Call load_plugin_textdomain() during plugin bootstrap so translations can be loaded. Moderate Apply the same remediation pattern across repo findings and re-scan to confirm notice issues drop. Advanced Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.

Score History

No history available yet. · All-Time High: N/A

All Past Vulnerabilities

Showing all known historical vulnerabilities for this plugin, including open and closed records.

Vulnerability	CVE	Severity	Status	Affected Versions	Patched Version	Updated	Source
Migration, Backup, Staging – WPvivid <= 0.9.75 - Authenticated (Administrator+) Path Traversal	N/A	LOW	Closed	*-0.9.75	0.9.76	2022-08-22 00:00:00	Wordfence
Migration, Backup, Staging – WPvivid <= 0.9.112 - Authenticated (Admin+) Arbitrary File Upload via wpvivid_upload_file	N/A	LOW	Closed	*-0.9.112	0.9.113	2025-02-21 00:00:00	Wordfence
Migration, Backup, Staging – WPvivid <= 0.9.68 - Unauthenticated Stored Cross-Site Scripting	N/A	LOW	Closed	[*, 0.9.69)	0.9.69	2022-01-31 00:00:00	Wordfence
Migration, Backup, Staging – WPvivid <= 0.9.55 - Reflected Cross-Site Scripting	N/A	LOW	Closed	*-0.9.55	0.9.56	2021-08-09 00:00:00	Wordfence
Migration, Backup, Staging – WPvivid <= 0.9.70 - Authenticated Arbitrary File Read	N/A	LOW	Closed	*-0.9.70	0.9.71	2022-04-07 10:08:00	Wordfence
WPvivid Backup Plugin <= 0.9.90 - Missing Authorization via 'start_staging' and 'get_staging_progress'	N/A	LOW	Closed	[*, 0.9.91)	0.9.91	2023-09-12 00:00:00	Wordfence
Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.128 - Authenticated (Admin+) Arbitrary Directory Deletion	N/A	LOW	Closed	*-0.9.128	0.9.129	2026-06-05 10:43:12	Wordfence
Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated Stored Cross-Site Scripting	N/A	LOW	Closed	*-0.9.89	0.9.90	2023-09-22 00:00:00	Wordfence
WPvivid Backup and Migration <= 0.9.106 - Missing Authorization	N/A	LOW	Closed	*-0.9.106	0.9.107	2025-01-03 00:00:00	Wordfence
Migration, Backup, Staging – WPvivid <= 0.9.91 - Google Drive Client Secret Exposure	N/A	LOW	Closed	*-0.9.91	0.9.92	2023-10-13 00:00:00	Wordfence
WPvivid Backup and Migration <= 0.9.68 - Missing Authorization	N/A	LOW	Closed	*-0.9.68	0.9.69	2024-02-28 00:00:00	Wordfence
Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal	N/A	LOW	Closed	0.9.89	0.9.90	2023-09-22 00:00:00	Wordfence
Migration, Backup, Staging – WPvivid <= 0.9.75 - Authenticated (Admin+) Directory Traversal	N/A	LOW	Closed	*-0.9.75	0.9.76	2022-08-16 00:00:00	Wordfence
Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.120 - Authenticated (Admin+) Arbitrary Directory Creation	N/A	LOW	Closed	*-0.9.120	0.9.121	2025-12-20 14:45:41	Wordfence
WPvivid Backup and Migration <= 0.9.68 - Unauthenticated SQL Injection	N/A	LOW	Closed	0.9.68	0.9.69	2024-02-28 00:00:00	Wordfence
Migration, Backup, Staging – WPvivid <= 0.9.35 - Sensitive Information Disclosure	N/A	LOW	Closed	[*, 0.9.36)	0.9.36	2020-03-23 00:00:00	Wordfence
Migration, Backup, Staging – WPvivid <= 0.9.107 - Unauthenticated PHP Object Injection	N/A	LOW	Closed	*-0.9.107	0.9.108	2024-11-13 00:00:00	Wordfence
WPvivid Backup 0.9.76 - Authenticated (Administrator+) Arbitrary File Deletion	N/A	LOW	Closed	0.9.76	0.9.77	2022-08-29 00:00:00	Wordfence
Migration, Backup, Staging – WPvivid <= 0.9.74 - Authenticated (Admin+) PHAR Deserialization	N/A	LOW	Closed	*-0.9.74	0.9.75	2022-08-10 00:00:00	Wordfence
WPvivid <= 0.9.94 - Missing Authorization	N/A	LOW	Closed	*-0.9.94	0.9.95	2024-01-19 00:00:00	Wordfence
WPvivid Backup & Migration Plugin <= 0.9.99 - Authenticated (Admin+) PHAR Deserialization	N/A	LOW	Closed	*-0.9.99	0.9.100	2024-04-11 00:00:00	Wordfence
Migration, Backup, Staging – WPvivid <= 0.9.105 - Sensitive Information Exposure	N/A	LOW	Closed	*-0.9.105	0.9.106	2024-09-11 00:00:00	Wordfence
Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated (Administrator+) Stored Cross-Site Scripting	N/A	LOW	Closed	*-0.9.89	0.9.90	2023-09-22 00:00:00	Wordfence
Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.116 - Authenticated (Administrator+) Arbitrary File Upload	N/A	LOW	Closed	*-0.9.116	0.9.117	2025-07-03 00:35:32	Wordfence
Migration, Backup, Staging – WPvivid <= 0.9.35 - Authenticated (Subscriber+) Arbitrary File Upload	N/A	LOW	Closed	*-0.9.35	0.9.36	2020-03-13 00:00:00	Wordfence
Migration, Backup, Staging <= 0.9.123 - Unauthenticated Arbitrary File Upload	N/A	LOW	Closed	*-0.9.123	0.9.124	2026-02-10 17:13:35	Wordfence
Migration, Backup, Staging – WPvivid <= 0.9.69 - Reflected Cross-Site Scripting via sub_page Parameter	N/A	LOW	Closed	[*, 0.9.70)	0.9.70	2022-03-21 00:00:00	Wordfence

Search plugins

WPvivid — Backup, Migration & Staging

Overall Score

What this score means

Actions

Score Breakdown

Plugin Details

Scan Summary

What Changed Since Last Scan

Detected Issues

Score History

All Past Vulnerabilities