|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-05-30 | |
| Rule Name: | WordPress All-in-One WP Migration Plugin Backups Directory Traversal Vulnerability (CVE-2022-1476) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users who have access to the site's secret key. | |
| Impact: | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. | |
| Affected OS: | Windows, Others | |
| Reference: | https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2715609%40all-in-one-wp-migration&new=2715609%40all-in-one-wp-migration&sfp_email=&sfph_mail= https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1476 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1476 |