WordPress Plugin Vulnerabilities

All-in-One WP Migration < 2.0.5 - Unauthenticated Database Export

Description

Unauthenticated users can export a complete copy of the WordPress database, all plugins, themes, and uploaded files.

Affects Plugins

Plugin icon
all-in-one-wp-migration
Fixed in 2.0.5

References

URL
auxiliary/gather/wp_all_in_one_migration_export
URL
https://www.pritect.net/blog/all-in-one-wp-migration-2-0-4-security-vulnerability

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
8.6 (high)

Miscellaneous

Submitter
James Golovich
Submitter website
http://www.pritect.net
Submitter twitter
Pritect
Verified
Yes
WPVDB ID
4f78d821-036b-4d0c-8cc9-397dcdbc9c21

Timeline

Publicly Published
2015-03-19 (about 9 years ago)
Added
2015-03-19 (about 9 years ago)
Last Updated
2021-03-23 (about 3 years ago)

Other

Published
Title
Published
2016-09-19
Title
Order Export Import for WooCommerce 1.0.8 - Order Information Disclosure
Published
2022-10-31
Title
WP User Frontend < 3.5.29 - Obscure Registration as Admin
Published
2014-08-01
Title
WordPress 2.9 - Failure to Restrict URL Access
Published
2020-02-16
Title
ThemeGrill Demo Importer < 1.6.3 - Auth Bypass & Database Wipe
Published
2016-12-23
Title
BuddyPress 2.0-2.7.3 - Arbitrary File Deletion