CVE-2023-40004 Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins

🗓️ 19 Jun 2024 12:03:07Reported by PatchstackType

Unauth. Access Token Manipulation vulnerability in ServMask WordPress plugin

Reporter	Title	Published	Views	Family All 12
CNNVD	WordPress plugin All-in-One WP Migration security vulnerability	19 Jun 202400:00	–	cnnvd
CVE	CVE-2023-40004	19 Jun 202412:03	–	cve
EUVD	EUVD-2023-44627	3 Oct 202520:07	–	euvd
NVD	CVE-2023-40004	19 Jun 202412:15	–	nvd
Patchstack	WordPress All-in-One WP Migration Google Drive Extension Plugin <= 2.79 is vulnerable to Broken Access Control	30 Aug 202300:00	–	patchstack
Patchstack	WordPress All-in-One WP Migration Box Extension Plugin <= 1.53 is vulnerable to Broken Access Control	30 Aug 202300:00	–	patchstack
Patchstack	WordPress All-in-One WP Migration Dropbox Extension Plugin <= 3.75 is vulnerable to Broken Access Control	30 Aug 202300:00	–	patchstack
Patchstack	WordPress All-in-One WP Migration OneDrive Extension Plugin <= 1.66 is vulnerable to Broken Access Control	30 Aug 202300:00	–	patchstack
Vulnrichment	CVE-2023-40004 Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins	19 Jun 202412:03	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (August 28, 2023 to September 3, 2023)	7 Sep 202312:51	–	wordfence

[
  {
    "defaultStatus": "unaffected",
    "product": "All-in-One WP Migration Box Extension",
    "vendor": "ServMask",
    "versions": [
      {
        "changes": [
          {
            "at": "1.54",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.53",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "All-in-One WP Migration OneDrive Extension",
    "vendor": "ServMask",
    "versions": [
      {
        "changes": [
          {
            "at": "1.67",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.66",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "All-in-One WP Migration Dropbox Extension",
    "vendor": "ServMask",
    "versions": [
      {
        "changes": [
          {
            "at": "3.76",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.75",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "All-in-One WP Migration Google Drive Extension",
    "vendor": "ServMask",
    "versions": [
      {
        "changes": [
          {
            "at": "2.80",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.79",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/vulnerability/all-in-one-wp-migration-dropbox-extension/wordpress-all-in-one-wp-migration-dropbox-extension-plugin-3-75-unauthenticated-access-token-manipulation-vulnerability
patchstack	www.patchstack.com/database/vulnerability/all-in-one-wp-migration-box-extension/wordpress-all-in-one-wp-migration-box-extension-plugin-1-53-unauthenticated-access-token-manipulation-vulnerability
patchstack	www.patchstack.com/database/vulnerability/all-in-one-wp-migration-gdrive-extension/wordpress-all-in-one-wp-migration-google-drive-extension-plugin-2-79-unauthenticated-access-token-manipulation-vulnerability
patchstack	www.patchstack.com/database/vulnerability/all-in-one-wp-migration-onedrive-extension/wordpress-all-in-one-wp-migration-onedrive-extension-plugin-1-66-unauthenticated-access-token-manipulation-vulnerability
patchstack	www.patchstack.com/articles/pre-auth-access-token-manipulation-in-all-in-one-wp-migration-extensions

28 Apr 2026 16:08Current

CVSS 3.17.3

EPSS0.09666

CWE-862