WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

All-in-One WP Migration < 7.15 - Arbitrary Backup Download

Description

Lack of randomness in the backup filenames could allow unauthenticated attackers to guess and download them

Affects Plugins

all-in-one-wp-migration
Fixed in version 7.15

References

URL
https://vavkamil.cz/2020/03/25/all-in-one-wp-migration/

Classification

Type

PRIVESC

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269

Miscellaneous

Original Researcher

vavkamil

Verified

Yes

WPVDB ID
ef4734a3-f12c-49ef-a49b-f00bd4a21ed9

Timeline

Publicly Published

2020-03-25 (about 3 years ago)

Added

2020-03-25 (about 3 years ago)

Last Updated

2021-03-23 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin