77 matches found
All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to unauthenticated information disclosure due to its error.log file being publicly accessible in versions before 7.87. id: CVE-2024-8852 info: name: All-in-One WP Migration 7.87 - Unauthenticated Information Disclosure...
WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting
WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials a...
CVE-2025-53217
Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through = 2.0.2...
EUVD-2016-1861
Malware in sbrugna...
EUVD-2015-0903
Malware in sbrugna...
EUVD-2015-0904
Malware in sbrugna...
EUVD-2020-21551
Malware in sbrugna...
EUVD-2025-6287
Malicious code in bioql PyPI...
EUVD-2023-56820
Malicious code in bioql PyPI...
EUVD-2024-28389
Malicious code in bioql PyPI...
CVE-2022-1476
The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the /lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users w...
CVE-2020-29171
Cross-site scripting XSS vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall all-in-one-wp-security-and-firewall plugin before 4.4.6 for WordPress...
CVE-2015-9310
The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues...
CVE-2016-10868
The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages...
CVE-2024-10942
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replaceserializedvalues' function. This makes it possible for unauthenticated attackers to inject a PHP Objec...
CVE-2024-10942 All in One WP Migration <= 7.89 - Unauthenticated PHP Object Injection
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replaceserializedvalues' function. This makes it possible for unauthenticated attackers to inject a PHP Objec...
CVE-2024-10942 All in One WP Migration <= 7.89 - Unauthenticated PHP Object Injection
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replaceserializedvalues' function. This makes it possible for unauthenticated attackers to inject a PHP Objec...
CVE-2024-10942
The CVE-2024-10942 entry concerns All-in-One WP Migration and Backup for WordPress (
WordPress All in One WP Migration plugin <= 7.89 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by Webbernaut in WordPress Plugin All-in-One WP Migration versions = 7.89...
CVE-2024-9162
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86. This makes it possible for authenticated attackers, with Administrator-level access and above...