Lucene search
WpvulndbWPVDB-ID:6E233311-D8EA-4ED4-8959-6C88F786CEEFHistoryApr 28, 2022 - 12:00 a.m.
All-in-One WP Migration < 7.59 - Admin+ File Deletion on Windows Hosts via Path Traversal
2022-04-2800:00:00
wpscan.com
81
0.001 Low
EPSS
Percentile
40.9%
The plugin is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file which can be exploited by administrative users, and users who have access to the site’s secret key on WordPress instances with Windows hosts.
| CPE | Name | Operator | Version |
|---|---|---|---|
| all-in-one-wp-migration | lt | 7.59 |
Related
cnvd
cnvd
WordPress All-in-One WP Migration Path Traversal Vulnerability
2022-05-11 00:00:00
patchstack
patchstack
openvas
openvas
nvd
nvd
CVE-2022-1476
2022-05-10 20:15:08
cve
cve
CVE-2022-1476
2022-05-10 20:15:08
prion
prion
Arbitrary file deletion
2022-05-10 20:15:00
cvelist
cvelist
CVE-2022-1476
2022-05-10 19:21:57
checkpoint_advisories
checkpoint_advisories