2 matches found
WordPress All-in-One WP Migration Unlimited Extension plugin <= 2.83 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Backup Schedule Creation and Backup File Download vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Backup Schedule Creation and Backup File Download vulnerability discovered by Sélim Lanouar whattheslime in WordPress Plugin All-in-One WP Migration Unlimited Extension versions = 2.83...
CVE-2026-5753
The CVE CVE-2026-5753 concerns the All-in-One WP Migration Unlimited Extension for WordPress (versions ≤ 2.83). The root cause is Missing Authorization in Ai1wmve_Schedules_Controller::save for admin_post_ai1wm_schedule_event_save, which does not verify user capabilities before saving schedule da...