CVE-2023-40004

2024-06-1912:15:09

CWE-862

Patchstack

web.nvd.nist.gov

cve-2023-40004 reserved organization individual nvd

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

Percentile

15.5%

JSON

Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box Extension: from n/a through 1.53; All-in-One WP Migration OneDrive Extension: from n/a through 1.66; All-in-One WP Migration Dropbox Extension: from n/a through 3.75; All-in-One WP Migration Google Drive Extension: from n/a through 2.79.

Affected configurations

Vulners

Vulnrichment

Node

servmaskall-in-one_wp_migrationRange≤1.53wordpress

servmaskall-in-one_wp_migrationRange≤1.66wordpress

servmaskall-in-one_wp_migrationRange≤3.75wordpress

servmaskall-in-one_wp_migrationRange≤2.79wordpress

VendorProductVersionCPE
servmaskall-in-one_wp_migration*cpe:2.3:a:servmask:all-in-one_wp_migration:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
servmask	all-in-one_wp_migration	*	cpe:2.3:a:servmask:all-in-one_wp_migration::::::wordpress::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "All-in-One WP Migration Box Extension",
    "vendor": "ServMask",
    "versions": [
      {
        "changes": [
          {
            "at": "1.54",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.53",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "All-in-One WP Migration OneDrive Extension",
    "vendor": "ServMask",
    "versions": [
      {
        "changes": [
          {
            "at": "1.67",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.66",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "All-in-One WP Migration Dropbox Extension",
    "vendor": "ServMask",
    "versions": [
      {
        "changes": [
          {
            "at": "3.76",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.75",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "All-in-One WP Migration Google Drive Extension",
    "vendor": "ServMask",
    "versions": [
      {
        "changes": [
          {
            "at": "2.80",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.79",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/articles/pre-auth-access-token-manipulation-in-all-in-one-wp-migration-extensions?_s_id=cve

patchstack.com/database/vulnerability/all-in-one-wp-migration-box-extension/wordpress-all-in-one-wp-migration-box-extension-plugin-1-53-unauthenticated-access-token-manipulation-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/all-in-one-wp-migration-dropbox-extension/wordpress-all-in-one-wp-migration-dropbox-extension-plugin-3-75-unauthenticated-access-token-manipulation-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/all-in-one-wp-migration-gdrive-extension/wordpress-all-in-one-wp-migration-google-drive-extension-plugin-2-79-unauthenticated-access-token-manipulation-vulnerability?_s_id=cve

patchstack.com/database/vulnerability/all-in-one-wp-migration-onedrive-extension/wordpress-all-in-one-wp-migration-onedrive-extension-plugin-1-66-unauthenticated-access-token-manipulation-vulnerability?_s_id=cve