{"id":350,"date":"2026-02-11T16:38:18","date_gmt":"2026-02-11T15:38:18","guid":{"rendered":"https:\/\/helloblog.io\/hu\/kritikus-fajlfeltoltesi-sebezhetoseg-wpvivid-backup\/"},"modified":"2026-02-11T16:38:18","modified_gmt":"2026-02-11T15:38:18","slug":"kritikus-fajlfeltoltesi-sebezhetoseg-wpvivid-backup","status":"publish","type":"post","link":"https:\/\/helloblog.io\/hu\/kritikus-fajlfeltoltesi-sebezhetoseg-wpvivid-backup\/","title":{"rendered":"Critical file upload vulnerability in the WPvivid Backup plugin: 800,000 WordPress sites may be affected"},"content":{"rendered":"\n<p>The world of WordPress backups is full of convenience features, and these are exactly the ones that most easily become dangerous when an edge case is handled incorrectly. According to an analysis Wordfence published in early February 2026, WPvivid Backup (on WordPress.org: <strong>WPvivid Backup &#038; Migration \/ Migration, Backup, Staging<\/strong>) contained a critical <strong>arbitrary file upload<\/strong> vulnerability exploitable without logging in, which under the right conditions can open the way to <strong>remote code execution<\/strong> (RCE).<\/p>\n\n\n\n<p>The plugin has more than <strong>800,000 active installations<\/strong>, so the news carries weight. There is an important nuance, though: according to Wordfence, the vulnerability <strong>critically affects mainly those sites<\/strong> where a <strong>separately generated key<\/strong> in the plugin allows <strong>another site to send a backup<\/strong> to this site. 
This feature is <strong>disabled by default<\/strong>, and the key's expiry can be set to <strong>at most 24 hours<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The short version (what makes this bug critical?)<\/h2>\n\n\n\n<p>According to the Wordfence Intelligence summary, in versions <strong>0.9.123 and earlier<\/strong> of the WPvivid Backup &#038; Migration plugin an attacker may be able to upload arbitrary files <strong>without authentication<\/strong>, such that even a <strong>PHP file<\/strong> can end up in a publicly accessible directory. If that happens, requesting the uploaded file by URL can result in <strong>code execution<\/strong> on the server, which typically leads to full site takeover (webshell, further payloads, privilege escalation, etc.).<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li><strong>Affected versions:<\/strong> &lt;= 0.9.123<\/li>\n\n\n<li><strong>Patched version:<\/strong> 0.9.124<\/li>\n\n\n<li><strong>CVE:<\/strong> CVE-2026-1357<\/li>\n\n\n<li><strong>CVSS:<\/strong> 9.8 (Critical)<\/li>\n\n\n<li><strong>Attack type:<\/strong> Unauthenticated Arbitrary File Upload, which can be escalated to RCE<\/li>\n\n\n<li><strong>Key condition:<\/strong> the key generated for the \u201canother site can send a backup here\u201d feature must be active (off by default), with an expiry of at most 24 hours<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Who is most at risk?<\/h2>\n\n\n\n<p>This is not the typical \u201cevery installation is on fire right now\u201d situation, because according to Wordfence the most severe risk arises if you <strong>generated a key<\/strong> in the WPvivid settings that lets <strong>another site send a backup<\/strong> to your site (the \u201creceive a backup from another site\u201d style workflow).<\/p>\n\n\n\n<p>In practice this means two things:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>If you have never used this send\/receive feature, you are most likely not in the most critical category.<\/li>\n\n\n<li>If you have used it (or someone on the team enabled it), then updating and checking are <strong>definitely<\/strong> urgent.<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Technical background: what went wrong in the crypto part?<\/h2>\n\n\n\n<p>According to the Wordfence analysis, the plugin uses the <code>send_to_site()<\/code> function of the <code>WPvivid_Send_to_site<\/code> class to receive a backup, and tries to decrypt the incoming content with a key-based (RSA + AES\/Rijndael) mechanism.<\/p>\n\n\n\n<p>The problem lies in the error handling: when the RSA decryption (decoding the session key) fails in the <code>openssl_private_decrypt()<\/code>-style step, the code <strong>does not stop<\/strong> properly. 
Instead, the <code>false<\/code> value resulting from the failed decryption flows on into the AES (phpseclib Rijndael) initialization.<\/p>\n\n\n\n<p>And here is the catch: according to the Wordfence description, the phpseclib library treats this <code>false<\/code> value as if it were a <strong>string of null bytes<\/strong>. As a result, an attacker can produce a payload encrypted with a <strong>predictable \u201cnull-byte key\u201d<\/strong>, and the plugin ends up treating it as decrypted (seemingly valid) data.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Why does this lead to file upload + RCE?<\/h3>\n\n\n\n<p>The second ingredient is file name handling. According to Wordfence, the plugin <strong>does not properly sanitize<\/strong> the file name taken from the decrypted payload, so <strong>path traversal<\/strong> (directory traversal) is also possible: the attacker can \u201cescape\u201d the protected backup directory intended for backups and write to a location that is reachable over the web.<\/p>\n\n\n\n<p>Because the upload code had no proper file type\/extension check, the attacker could upload a <strong>PHP file<\/strong>. 
From there, RCE is \u201cjust\u201d a matter of requesting the uploaded file.<\/p>\n\n\n\n<p>Wordfence specifically writes that the attack surface is reachable through the <code>wpvivid_action=send_to_site<\/code> parameter.<\/p>\n\n\n\n<div class=\"wp-block-group callout callout-warning is-style-warning is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Important note on the real-world risk<\/h4>\n\n\n<p>Wordfence specifically points out that the vulnerability's <strong>critical impact<\/strong> typically applies when the key generated for receiving backups is active in the plugin (disabled by default), and the key's expiry can be set to at most 24 hours.<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">How it was fixed: what changed in 0.9.124?<\/h2>\n\n\n\n<p>According to Wordfence, the WPvivid team patched the bug from two directions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>In the <code>decrypt_message()<\/code> function they added a check on the decrypted key: if <code>$key === false<\/code> or <code>empty($key)<\/code>, the function returns <code>false<\/code> (so execution does not proceed to the Rijndael <code>setKey()<\/code> call).<\/li>\n\n\n<li>On the <code>send_to_site()<\/code> side an extension check was added, and only backup-type file types are allowed (per the Wordfence example: <code>zip<\/code>, <code>gz<\/code>, <code>tar<\/code>, <code>sql<\/code>). 
In addition, the patch excerpt shows <code>basename()<\/code> and regex-based sanitization of the file name.<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">What should you do now as a developer\/operator?<\/h2>\n\n\n\n<p>The most important task is a fast, controlled update, followed by a minimal round of checks. At the time of publication, Wordfence lists the patched version as <strong>0.9.124<\/strong>.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li>Check whether WPvivid Backup &#038; Migration (plugin slug: <code>wpvivid-backuprestore<\/code>) is running on the site.<\/li>\n\n\n<li>Check the version: if it is <strong>0.9.123 or older<\/strong>, update to <strong>0.9.124<\/strong> urgently.<\/li>\n\n\n<li>In the WPvivid settings, check whether receiving backups from another site is enabled and whether a generated key exists. If there is no business reason for it, leave it disabled.<\/li>\n\n\n<li>If you have used this feature, review suspicious files\/directories under the webroot (especially unknown PHP files uploaded in the period before the update).<\/li>\n\n\n<li>If you use Wordfence: be aware that the firewall rule arrived on a schedule (see below), but updating the plugin is still the primary protection.<\/li>\n\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Wordfence protection: when did the firewall rule arrive?<\/h2>\n\n\n\n<p>According to Wordfence, the timeline of the protection rule looks like this:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li><strong>January 22, 2026<\/strong> \u2013 Wordfence Premium, Wordfence Care and Wordfence Response users received a firewall rule against attempts targeting the vulnerability.<\/li>\n\n\n<li><strong>February 21, 2026<\/strong> \u2013 Wordfence Free users receive the same protection 30 days later (on this date, according to the announcement).<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Disclosure timeline \u2013 the important dates<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li><strong>January 12, 2026<\/strong> \u2013 The report about the WPvivid Backup arbitrary file upload bug arrived through the Wordfence Bug Bounty Program.<\/li>\n\n\n<li><strong>January 22, 2026<\/strong> \u2013 Wordfence validated the report, confirmed the proof-of-concept exploit, and first contacted the vendor (offering use of the Wordfence Vulnerability Management Portal).<\/li>\n\n\n<li><strong>January 22, 2026<\/strong> \u2013 Wordfence Premium\/Care\/Response users received the protective firewall rule.<\/li>\n\n\n<li><strong>January 23, 2026<\/strong> \u2013 The vendor responded and chose to coordinate by e-mail to handle the disclosure.<\/li>\n\n\n<li><strong>January 23, 2026<\/strong> \u2013 Wordfence sent the full details; the vendor acknowledged them and began working on the fix.<\/li>\n\n\n<li><strong>January 28, 2026<\/strong> \u2013 The fully patched plugin version was released: <strong>0.9.124<\/strong>.<\/li>\n\n\n<li><strong>February 21, 2026<\/strong> \u2013 Wordfence Free users receive the same protection on this date (according to the announcement).<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Credits: who found it, and why is it interesting from a developer's perspective?<\/h2>\n\n\n\n<p>The vulnerability was found by <strong>Lucas Montes (NiRoX)<\/strong> and responsibly reported through the Wordfence Bug Bounty Program. According to Wordfence, the bug was submitted to the program just <strong>five days after it was introduced<\/strong>, and the researcher received a bounty of <strong>$2,145.00<\/strong> for it.<\/p>\n\n\n\n<p>From a developer's point of view this is a classic bundle of lessons: cryptographic bugs are often not \u201cpure crypto bugs\u201d but a combination of error handling + type handling + input validation. Here too, the flow was not aborted after a failed decrypt, and the library handled the <code>false<\/code> value unexpectedly but deterministically.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Summary<\/h2>\n\n\n\n<p>According to Wordfence, in versions <strong>&lt;= 0.9.123<\/strong> of the WPvivid Backup &#038; Migration (Migration, Backup, Staging) plugin, a bug identified as <strong>CVE-2026-1357<\/strong> with a severity of <strong>CVSS 9.8<\/strong> allowed an attacker to upload files without authentication and, under the right conditions, reach <strong>remote code execution<\/strong>. 
The fix is available in version <strong>0.9.124<\/strong>, so if the plugin is installed, the most important step is to update and to verify that the feature for receiving backups from another site is enabled only when there is a real need for it.<\/p>\n\n\n<div class=\"references-section\">\n                <h2>References \/ Sources<\/h2>\n                <ul class=\"references-list\"><li><a href=\"https:\/\/www.wordfence.com\/blog\/2026\/02\/800000-wordpress-sites-affected-by-arbitrary-file-upload-vulnerability-in-wpvivid-backup-wordpress-plugin\/\" target=\"_blank\" rel=\"noopener noreferrer\">800,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in WPvivid Backup WordPress Plugin<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/wpvivid-backuprestore\/migration-backup-staging-09123-unauthenticated-arbitrary-file-upload\" target=\"_blank\" rel=\"noopener noreferrer\">Migration, Backup, Staging &lt;= 0.9.123 &#8212; Unauthenticated Arbitrary File Upload<\/a><\/li><li><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-1357\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2026-1357<\/a><\/li><li><a href=\"https:\/\/wordpress.org\/plugins\/wpvivid-backuprestore\/\" target=\"_blank\" rel=\"noopener noreferrer\">WPvivid Backup &amp; Migration<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/bug-bounty-program\/\" target=\"_blank\" rel=\"noopener noreferrer\">Wordfence Bug Bounty Program<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vendor\/vulnerability-management-portal\/\" target=\"_blank\" rel=\"noopener noreferrer\">Wordfence Vulnerability Management Portal<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/products\/wordfence-premium\/\" target=\"_blank\" rel=\"noopener noreferrer\">Wordfence Premium<\/a><\/li><li><a 
href=\"https:\/\/www.wordfence.com\/products\/wordfence-care\/\" target=\"_blank\" rel=\"noopener noreferrer\">Wordfence Care<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/products\/wordfence-response\/\" target=\"_blank\" rel=\"noopener noreferrer\">Wordfence Response<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/submit\/\" target=\"_blank\" rel=\"noopener noreferrer\">Submit Vulnerability<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/researchers\/lucas-montes\" target=\"_blank\" rel=\"noopener noreferrer\">Lucas Montes (NiRoX)<\/a><\/li><\/ul>\n            <\/div>","protected":false},"excerpt":{"rendered":"<p>Because of a CVSS 9.8 file upload bug exploitable without logging in, the WPvivid Backup &#038; Migration plugin can, under a certain setting, be driven all the way to remote code execution (RCE). I'll show who is really affected, what the technical cause is, and what you need to check right away.<\/p>\n","protected":false},"author":5,"featured_media":349,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[69,103,150],"class_list":["post-350","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-biztonsag","tag-biztonsag","tag-bovitmenyek","tag-sebezhetoseg-2"],"_links":{"self":[{"href":"https:\/\/helloblog.io\/hu\/wp-json\/wp\/v2\/posts\/350","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helloblog.io\/hu\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helloblog.io\/hu\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helloblog.io\/hu\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/helloblog.io\/hu\/wp-json\/wp\/v2\/comments?post=350"}],"version-history":[{"count":0,"href":"https:\/\/helloblog.io\/hu\/wp-json\/wp\/v2\/posts\/350\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helloblog.io\/hu\/wp-json\/wp\/v2\/media\/349"}],"wp:attachment":[{"href":"https:\/\/helloblog.io\/hu\/wp-json\/wp\/v2\/media?parent=350"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helloblog.io\/hu\/wp-json\/wp\/v2\/categories?post=350"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helloblog.io\/hu\/wp-json\/wp\/v2\/tags?post=350"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}