WordPress Plugin Vulnerabilities

All-in-One WP Migration < 7.59 - Admin+ File Deletion on Windows Hosts via Path Traversal

Description

The plugin is vulnerable to arbitrary file deletion via directory traversal because of insufficient file validation in the ~/lib/model/class-ai1wm-backups.php file. The flaw can be exploited by administrative users, and by users who have access to the site’s secret key, on WordPress instances running on Windows hosts.
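The following is an added example, not the plugin's code or its fix: a Python model of a backup-name check that holds under Windows path rules as well as POSIX ones. It assumes the Windows-only scope comes from the backslash being a path separator there, which the page does not state; the directory paths, file names and function names are constructed for illustration.

```python
import ntpath
import posixpath

# Constructed sample directories; the page does not give the plugin's real paths.
WIN_BASE = r"C:\site\wp-content\backups"
POSIX_BASE = "/srv/site/wp-content/backups"


def escapes(name, base, pathmod):
    """True if base/name resolves outside base under pathmod's path rules."""
    base_abs = pathmod.normpath(base)
    target = pathmod.normpath(pathmod.join(base_abs, name))
    parent = pathmod.normcase(pathmod.dirname(target))
    return parent != pathmod.normcase(base_abs)


def safe_backup_path(name, base, pathmod):
    """Hypothetical hardened check: return the path to delete or raise ValueError."""
    # Reject NUL, both separators and ':' (drive letters, NTFS streams) on any host.
    if not name or name in (".", "..") or any(c in name for c in "\x00/\\:"):
        raise ValueError(f"illegal backup name: {name!r}")
    # Defence in depth: the resolved path must sit directly inside the base directory.
    if escapes(name, base, pathmod):
        raise ValueError(f"backup name leaves the backups directory: {name!r}")
    return pathmod.join(pathmod.normpath(base), name)


if __name__ == "__main__":
    # Same names, resolved under POSIX rules and under Windows rules.
    for name in ("site-backup.bak", r"..\outside.txt", "../outside.txt"):
        print(repr(name),
              "posix escapes:", escapes(name, POSIX_BASE, posixpath),
              "windows escapes:", escapes(name, WIN_BASE, ntpath))
```

A check that only looks for `/` passes the backslash form on every host, but only Windows path resolution treats it as a step out of the directory.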

Affects Plugins

References

Classification

Type
TRAVERSAL
OWASP top 10
CWE

Miscellaneous

Original Researcher
haidv35 (Viettel Cyber Security)
Verified
Yes

Timeline

Publicly Published
2022-04-28 (about 2 years ago)
Added
2022-04-28 (about 2 years ago)
Last Updated
2022-04-29 (about 2 years ago)

Other