PT-2024-39464 · WordPress · All-In-One Wp Migration/Backup
Ryan Kozak · Published 2024-10-28 · Updated 2024-10-28
CVE-2024-9162
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
All-in-One WP Migration and Backup plugin for WordPress versions up to, and including, 7.86
Description
The issue allows authenticated attackers with Administrator-level access and above to inject arbitrary PHP code into an export file due to missing file type validation during the export process. This could potentially lead to remote code execution.
Recommendations
Sites running version 7.86 or earlier should update to a version that includes the fix for this issue to prevent arbitrary PHP code injection.
Exploit
Fix
Code Injection
Affected Products
All-In-One Wp Migration/Backup