Lucene search
K

41 matches found

Nuclei
Nuclei
added 3 hours ago41 views

WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting

WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials a...

4.7CVSS5.8AI score0.01204EPSS
Exploits3References5
Nuclei
Nuclei
added 3 hours ago20 views

All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to unauthenticated information disclosure due to its error.log file being publicly accessible in versions before 7.87. id: CVE-2024-8852 info: name: All-in-One WP Migration 7.87 - Unauthenticated Information Disclosure...

5.3CVSS5.8AI score0.01175EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6287

Malicious code in bioql PyPI...

7.5CVSS9.2AI score0.00521EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 10:19 p.m.10 views

CVE-2022-1476

The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the /lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users w...

6.6CVSS7AI score0.47495EPSS
Exploits0References1
NVD
NVD
added 2025/03/13 1:15 p.m.8 views

CVE-2024-10942

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replaceserializedvalues' function. This makes it possible for unauthenticated attackers to inject a PHP Objec...

7.5CVSS0.00521EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/13 12:42 p.m.12 views

CVE-2024-10942 All in One WP Migration <= 7.89 - Unauthenticated PHP Object Injection

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replaceserializedvalues' function. This makes it possible for unauthenticated attackers to inject a PHP Objec...

7.5CVSS0.00521EPSS
Exploits0References3
CVE
CVE
added 2025/03/13 12:42 p.m.168 views

CVE-2024-10942

The CVE-2024-10942 entry concerns All-in-One WP Migration and Backup for WordPress (

7.5CVSS7.7AI score0.00521EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/13 12:42 p.m.54 views

CVE-2024-10942 All in One WP Migration <= 7.89 - Unauthenticated PHP Object Injection

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replaceserializedvalues' function. This makes it possible for unauthenticated attackers to inject a PHP Objec...

7.5CVSS7.7AI score0.00521EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 4:26 a.m.9 views

CVE-2024-9162

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86. This makes it possible for authenticated attackers, with Administrator-level access and above...

7.2CVSS8AI score0.02668EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/10/28 12:0 a.m.19 views

WordPress All-in-One WP Migration Plugin <= 7.86 is vulnerable to PHP Object Injection

Software All-in-One WP Migration Type Plugin Vulnerable versions = 7.86 Fixed in 7.87 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-9162 Patch priority Low CVSS severity Low 7.2 Developer ServMask, Inc PSID 44c4c1ddd033 Credits Ryan Kozak Required privilege...

7.2CVSS6.9AI score0.02668EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/10/22 6:15 a.m.4 views

CVE-2024-8852

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full...

5.3CVSS5.8AI score0.01175EPSS
Exploits0References3
CVE
CVE
added 2024/10/22 5:33 a.m.95 views

CVE-2024-8852

The CVE-2024-8852 entry concerns the All-in-One WP Migration and Backup plugin for WordPress. Affected versions are up to and including 7.86 (per NVD/WP sources) with unauthenticated information disclosure due to publicly accessible error.log files or log data, enabling disclosure of potentially ...

5.3CVSS5.4AI score0.01175EPSS
In wildExploits0References3Affected Software1
CNNVD
CNNVD
added 2024/10/22 12:0 a.m.2 views

WordPress plugin All-in-One WP Migration and Backup 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

5.3CVSS6.2AI score0.01175EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/10/21 7:15 p.m.5 views

WordPress All-in-One WP Migration and Backup plugin <= 7.86 - Unauthenticated Information Disclosure via Error Logs vulnerability

Unauthenticated Information Disclosure via Error Logs vulnerability discovered by villu164 in WordPress Plugin All-in-One WP Migration versions = 7.86...

5.3CVSS6.6AI score0.01175EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/21 12:0 a.m.14 views

WordPress All-in-One WP Migration Plugin <= 7.86 is vulnerable to Sensitive Data Exposure

Software All-in-One WP Migration Type Plugin Vulnerable versions = 7.86 Fixed in 7.87 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-8852 Patch priority Low CVSS severity Low 5.3 Developer ServMask, Inc PSID 1b517ae2c2c6 Credits villu164 Required...

5.3CVSS6.5AI score0.01175EPSS
Exploits0References3Affected Software1
GithubExploit
GithubExploit
added 2024/09/29 7:34 p.m.563 views

Exploit for CVE-2024-9162

CVE-2024-9162 All-in-One WP Migration and Backup SELECT op...

7.2CVSS6.4AI score0.02668EPSS
Exploits1
NVD
NVD
added 2024/06/19 12:15 p.m.19 views

CVE-2023-40004

Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box...

7.3CVSS0.09666EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/06/19 12:3 p.m.27 views

CVE-2023-40004 Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins

Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box...

7.3CVSS7.4AI score0.09666EPSS
Exploits1References5
WPVulnDB
WPVulnDB
added 2023/08/31 12:0 a.m.21 views

Multiple Plugins from ServMask - Unauthenticated Access Token Update

Description The plugins do not have authorisation in the init function hooked to the admininit action, allowing unauthenticated attackers to update the access token PoC With the All-in-One WP Migration Box Extension installed, open the below URL as unauthenticated:...

6.3AI score0.09666EPSS
Exploits1Affected Software1
Patchstack
Patchstack
added 2023/08/30 12:0 a.m.14 views

WordPress All-in-One WP Migration Box Extension Plugin <= 1.53 is vulnerable to Broken Access Control

Software All-in-One WP Migration Box Extension Type Plugin Vulnerable versions = 1.53 Fixed in 1.54 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40004 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID 2ca675b8186e Credits Rafie...

7.3CVSS7AI score0.09666EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder