{"id":200,"date":"2026-02-11T16:40:04","date_gmt":"2026-02-11T15:40:04","guid":{"rendered":"https:\/\/helloblog.io\/lt\/kritine-wpvivid-backup-spraga-neautentifikuotas-failu-ikelimas-cve-2026-1357\/"},"modified":"2026-02-11T16:40:04","modified_gmt":"2026-02-11T15:40:04","slug":"kritine-wpvivid-backup-spraga-neautentifikuotas-failu-ikelimas-cve-2026-1357","status":"publish","type":"post","link":"https:\/\/helloblog.io\/lt\/kritine-wpvivid-backup-spraga-neautentifikuotas-failu-ikelimas-cve-2026-1357\/","title":{"rendered":"Critical WPvivid Backup vulnerability: versions up to 0.9.123 allow unauthenticated file upload and code execution (CVE-2026-1357)"},"content":{"rendered":"\n<p>In WordPress security practice, \u201carbitrary file upload\u201d almost always means one thing: if an attacker can upload an executable file (e.g. PHP), they can usually also reach <em>remote code execution<\/em> (RCE) on the server. In February 2026 Wordfence published a critical vulnerability of exactly this type in the WPvivid Backup &#038; Migration plugin, which has more than 800,000 active installations.<\/p>\n\n\n\n<p>An important detail: the critical impact does not apply to everyone by default. According to the Wordfence analysis, the vulnerability <strong>critically affects those who have generated a key in the plugin settings<\/strong> that lets another site send a backup to your site. 
This feature is disabled by default, and the key's validity period can be set to at most <strong>24 hours<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1504\" height=\"784\" src=\"https:\/\/helloblog.io\/app\/uploads\/sites\/20\/2026\/02\/FeaturedImage_Wordfence_303.01.png\" alt=\"Wordfence alert illustration about the WPvivid Backup vulnerability affecting up to 800,000 WordPress sites\" class=\"wp-image-199\" srcset=\"https:\/\/helloblog.io\/app\/uploads\/sites\/20\/2026\/02\/FeaturedImage_Wordfence_303.01.png 1504w, https:\/\/helloblog.io\/app\/uploads\/sites\/20\/2026\/02\/FeaturedImage_Wordfence_303.01-300x156.png 300w, https:\/\/helloblog.io\/app\/uploads\/sites\/20\/2026\/02\/FeaturedImage_Wordfence_303.01-1024x534.png 1024w, https:\/\/helloblog.io\/app\/uploads\/sites\/20\/2026\/02\/FeaturedImage_Wordfence_303.01-768x400.png 768w, https:\/\/helloblog.io\/app\/uploads\/sites\/20\/2026\/02\/FeaturedImage_Wordfence_303.01-400x209.png 400w\" sizes=\"auto, (max-width: 1504px) 100vw, 1504px\" \/><figcaption class=\"wp-element-caption\">In the Wordfence publication the vulnerability is rated critical (CVSS 9.8) and tied to CVE-2026-1357. \u2014 <em>Source: Wordfence.com<\/em><\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">What exactly is vulnerable: CVE-2026-1357 summary<\/h2>\n\n\n\n<p>According to Wordfence Intelligence, the vulnerability is titled <strong>\u201cMigration, Backup, Staging &lt;= 0.9.123 - Unauthenticated Arbitrary File Upload\u201d<\/strong>. CVSS score: <strong>9.8 (Critical)<\/strong>, CVE: <strong>CVE-2026-1357<\/strong>. 
Affected versions: <strong>&lt;= 0.9.123<\/strong>, patched version: <strong>0.9.124<\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Plugin: Migration, Backup, Staging &#8211; WPvivid Backup &#038; Migration<\/li>\n\n\n<li>Slug: wpvivid-backuprestore<\/li>\n\n\n<li>Vulnerability type: Unauthenticated Arbitrary File Upload (no login required)<\/li>\n\n\n<li>What can happen: PHP files uploaded into publicly reachable directories, leading to RCE<\/li>\n\n\n<li>Exploitation vector: the <code>wpvivid_action=send_to_site<\/code> parameter<\/li>\n\n\n<li>Patched in: 0.9.124<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Why the vulnerability is possible: a cryptography error plus missing path validation<\/h2>\n\n\n\n<p>WPvivid has a feature for receiving a backup from another site. It is implemented with a short-lived generated key, and the receiving logic, according to Wordfence, revolves around the <code>send_to_site()<\/code> method in the <code>WPvivid_Send_to_site<\/code> class. When the POST field <code>wpvivid_content<\/code> is received, its content is base64-decoded and passed to <code>decrypt_message()<\/code> (in the <code>WPvivid_crypt<\/code> class).<\/p>\n\n\n\n<p>The problem starts in the decryption chain: the plugin tries to decrypt the session key with RSA. If RSA decryption fails (Wordfence mentions the scenario with <code>openssl_private_decrypt()<\/code>), execution is not aborted; instead, somewhere in the chain the \u201cinvalid key\u201d state becomes a <strong>boolean <code>false<\/code><\/strong>. 
This <code>false<\/code> is then passed on into the AES\/Rijndael initialization through the phpseclib machinery.<\/p>\n\n\n\n<p>The essential nuance: on the phpseclib side, <code>false<\/code> can be interpreted as a string of null bytes, so the key becomes <strong>predictable<\/strong>. This lets an attacker construct an encrypted payload under the known null-byte key and have the plugin process it successfully.<\/p>\n\n\n\n<p>The second part is the file write to disk. Wordfence states that the plugin accepts file names from the decrypted payload <strong>without path sanitization<\/strong>, which opens up <em>directory traversal<\/em> (escaping the \u201cprotected\u201d backup directory). The result: an unauthenticated attacker can upload a file of their choice (e.g. PHP) into a publicly reachable directory and open it, thereby triggering RCE.<\/p>\n\n\n\n<div class=\"wp-block-group callout callout-danger is-style-danger is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Why this is dangerous in practice<\/h4>\n\n\n<p>Vulnerabilities of this type often end in a full site takeover: webshell upload, creation of administrator accounts, planting of additional backdoors, data exfiltration. 
Wordfence states plainly that this can lead to \u201ccomplete site compromise\u201d.<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">When it is \u201ctruly critical\u201d: it depends on a generated key<\/h2>\n\n\n\n<p>This story has one filter that matters from a security standpoint: Wordfence emphasizes that the vulnerability <strong>critically affects<\/strong> those WPvivid users who have enabled, in the plugin settings, the feature that lets another site send a backup to your site, i.e. who have generated the corresponding key. By default this feature is disabled, and the key's validity cannot exceed 24 hours.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The fix in 0.9.124: an explicit <code>false\/empty<\/code> check and file type control<\/h2>\n\n\n\n<p>The developers addressed the problem in two directions. First, in the <code>decrypt_message()<\/code> function they added a check that returns <code>false<\/code> if the RSA decryption returns <code>false<\/code> or the key is empty. 
This eliminates the situation where a predictable null-byte key reaches the Rijndael\/AES initialization.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\"><pre class=\"shiki github-dark\" tabindex=\"0\"><code>&lt;?php\n\/\/ ...\n\/\/ RSA-decrypt the session key; phpseclib returns false on failure\n$key = $rsa-&gt;decrypt($key);\n\n\/\/ Fix: stop here if no key was recovered\nif ($key === false || empty($key)) {\n    return false;\n}\n\n\/\/ Only a verified, non-empty key reaches the Rijndael\/AES initialization\n$rij = new Crypt_Rijndael();\n$rij-&gt;setKey($key);\nreturn $rij-&gt;decrypt($data);\n<\/code><\/pre><\/div>\n\n\n\n<p>Second, on the <code>send_to_site()<\/code> side a file extension check was added. The plugin now normalizes the file name (<code>basename<\/code> + <code>preg_replace<\/code>) and then allows only the specific extensions typical of backups: <code>zip<\/code>, <code>gz<\/code>, <code>tar<\/code>, <code>sql<\/code>. If the extension is not in the allow-list, an error is returned and execution stops.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\"><pre class=\"shiki github-dark\" tabindex=\"0\"><code>&lt;?php\n\/\/ Drop any directory component (no traversal), then strip every character outside a conservative set\n$safe_name = basename($params['name']);\n$safe_name = preg_replace('\/[^a-zA-Z0-9._-]\/', '', $safe_name);\n\n\/\/ Allow-list of backup extensions, compared lower-cased and with strict types\n$allowed_extensions = array('zip', 'gz', 'tar', 'sql');\n$file_ext = strtolower(pathinfo($safe_name, PATHINFO_EXTENSION));\n\nif (!in_array($file_ext, $allowed_extensions, true)) {\n    $ret['result'] = WPVIVID_FAILED;\n    $ret['error']  = 'Invalid file type - only backup files allowed.';\n    echo wp_json_encode($ret);\n    die();\n}\n<\/code><\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">What to do now: concrete steps for the WordPress admin and dev team<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li>Check whether the <strong>WPvivid Backup &#038; Migration<\/strong> plugin (slug <code>wpvivid-backuprestore<\/code>) is installed on the site.<\/li>\n\n\n<li>If the version is <strong>0.9.123 or older<\/strong>, update to <strong>0.9.124<\/strong> (or newer) as soon as possible.<\/li>\n\n\n<li>Assess whether you had enabled the feature that lets another site send a backup to your site (the scenario with the generated key). 
If so, treat the situation as a priority.<\/li>\n\n\n<li>If you use Wordfence: Premium\/Care\/Response users, per Wordfence, received a firewall rule on 2026-01-22; Wordfence Free will get the same protection on 2026-02-21 (30 days later).<\/li>\n\n\n<li>Even if you plan to rely on the firewall, updating to the patched plugin is still mandatory: a firewall is not a substitute for the fix.<\/li>\n\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Disclosure Timeline<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>2026-01-12 &#8211; the Wordfence Bug Bounty Program received a report of an Arbitrary File Upload vulnerability in the WPvivid Backup plugin.<\/li>\n\n\n<li>2026-01-22 &#8211; Wordfence validated the report and the proof-of-concept exploit; the vendor was invited to use the <a href=\"https:\/\/www.wordfence.com\/threat-intel\/vendor\/vulnerability-management-portal\/\">Wordfence Vulnerability Management Portal<\/a>.<\/li>\n\n\n<li>2026-01-22 &#8211; a firewall rule against exploitation attempts was delivered to Wordfence Premium\/Care\/Response users.<\/li>\n\n\n<li>2026-01-23 &#8211; the vendor responded and chose to communicate by 
email.<\/li>\n\n\n<li>2026-01-23 &#8211; Wordfence sent over the full disclosure details; the vendor acknowledged them and began working on a fix.<\/li>\n\n\n<li>2026-01-28 &#8211; the fully patched plugin version <strong>0.9.124<\/strong> was released.<\/li>\n\n\n<li>2026-02-21 &#8211; Wordfence Free users will receive the equivalent firewall protection.<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Who found the vulnerability and how it was reported<\/h2>\n\n\n\n<p>The vulnerability was discovered and responsibly reported by researcher <strong>Lucas Montes (NiRoX)<\/strong> through the Wordfence <a href=\"https:\/\/www.wordfence.com\/threat-intel\/bug-bounty-program\/\">Bug Bounty Program<\/a>. Wordfence notes that the report reached the program just five days after the vulnerability was introduced, and a <strong>$2,145.00<\/strong> bounty was paid for the discovery.<\/p>\n\n\n\n<div class=\"wp-block-group callout callout-info is-style-info is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">A note on the Wordfence Bug Bounty<\/h4>\n\n\n<p>In its Bug Bounty Program description, Wordfence emphasizes that researchers can earn up to <strong>$31,200 per vulnerability<\/strong> (within the program's rules and scope), and details can be submitted through the <a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/submit\/\">submission form<\/a>.<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\">The gist in short<\/h2>\n\n\n\n<p>CVE-2026-1357 is a critical vulnerability in the WPvivid Backup &#038; Migration plugin (&lt;= 0.9.123) that allows unauthenticated upload of arbitrary files and RCE, especially if a generated key for \u201creceiving backups from another 
site\u201d was in use. The fix is in version 0.9.124: a <code>false\/empty<\/code> check was added to decryption, and file extension validation to the <code>send_to_site()<\/code> part.<\/p>\n\n\n<div class=\"references-section\">\n                <h2>Links \/ Sources<\/h2>\n                <ul class=\"references-list\"><li><a href=\"https:\/\/www.wordfence.com\/blog\/2026\/02\/800000-wordpress-sites-affected-by-arbitrary-file-upload-vulnerability-in-wpvivid-backup-wordpress-plugin\/\" target=\"_blank\" rel=\"noopener noreferrer\">800,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in WPvivid Backup WordPress Plugin<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/wpvivid-backuprestore\/migration-backup-staging-09123-unauthenticated-arbitrary-file-upload\" target=\"_blank\" rel=\"noopener noreferrer\">Migration, Backup, Staging &lt;= 0.9.123 &#8212; Unauthenticated Arbitrary File Upload<\/a><\/li><li><a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-1357\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2026-1357<\/a><\/li><li><a href=\"https:\/\/wordpress.org\/plugins\/wpvivid-backuprestore\/\" target=\"_blank\" rel=\"noopener noreferrer\">WPvivid Backup &amp; Migration<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/bug-bounty-program\/\" target=\"_blank\" rel=\"noopener noreferrer\">Wordfence Bug Bounty Program<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vendor\/vulnerability-management-portal\/\" target=\"_blank\" rel=\"noopener noreferrer\">Wordfence Vulnerability Management Portal<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/researchers\/lucas-montes\" target=\"_blank\" rel=\"noopener noreferrer\">Lucas Montes (NiRoX)<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/products\/wordfence-premium\/\" target=\"_blank\" rel=\"noopener noreferrer\">Wordfence Premium<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/products\/wordfence-care\/\" target=\"_blank\" rel=\"noopener noreferrer\">Wordfence Care<\/a><\/li><li><a href=\"https:\/\/www.wordfence.com\/products\/wordfence-response\/\" target=\"_blank\" rel=\"noopener noreferrer\">Wordfence Response<\/a><\/li><\/ul>\n            <\/div>","protected":false},"excerpt":{"rendered":"<p>A critical Unauthenticated Arbitrary File Upload vulnerability has been found in the WPvivid Backup (wpvivid-backuprestore) plugin which, under certain conditions, allows uploading PHP files and reaching RCE. If you used the \u201csend backup to this site\u201d key, it is time to update to 0.9.124 urgently.<\/p>\n","protected":false},"author":55,"featured_media":198,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[118,15,10,116,117],"class_list":["post-200","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-saugumas","tag-cve-2026-1357","tag-wordfence","tag-wordpress","tag-wordpress-saugumas","tag-wpvivid"],"_links":{"self":[{"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/posts\/200","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/comments?post=200"}],"version-history":[{"count":0,"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/posts\/200\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/media\/198"}],"wp:attachment":[{"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/media?parent=200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\
/categories?post=200"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helloblog.io\/lt\/wp-json\/wp\/v2\/tags?post=200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}