What is CVE-2025-12656?

CVE-2025-12656 is a low-severity vulnerability, classified under External Control of File Name or Path. CVSS score: 3.8/10. Published 2026-06-06.

How severe is CVE-2025-12656?

Low severity. CVSS v3 base score is 3.8 out of 10.

CVE-2025-12656

CVE-2025-12656

The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_site() function in all versions up to, and…

CVSS v3 metric

CVSS v3 base score 3.8 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L.

Weakness classification (CWE)

CWE-73 — External Control of File Name or Path

References

security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com

Frequently asked questions

What is CVE-2025-12656?: CVE-2025-12656 is a low-severity vulnerability, classified under External Control of File Name or Path. CVSS score: 3.8/10. Published 2026-06-06.
How severe is CVE-2025-12656?: Low severity. CVSS v3 base score is 3.8 out of 10.