WordPress · All-In-One Wp Migration · CVE-2021-24216
**Name of the Vulnerable Software and Affected Versions**
All-in-One WP Migration WordPress plugin versions prior to 7.41
**Description**
The issue allows administrators to upload PHP files on their site due to a lack of validation of uploaded files' extensions. This affects even multisite installations.
**Recommendations**
For versions prior to 7.41, update to version 7.41 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to trusted users or disabling the file upload feature until the update is applied.