WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting

WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials a...

All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to unauthenticated information disclosure due to its error.log file being publicly accessible in versions before 7.87. id: CVE-2024-8852 info: name: All-in-One WP Migration 7.87 - Unauthenticated Information Disclosure...

EUVD-2025-6287

Malicious code in bioql PyPI...

EUVD-2023-44627

Malicious code in bioql PyPI...

EUVD-2024-29918

Malicious code in bioql PyPI...

CVE-2025-8490 All-in-One WP Migration and Backup <= 7.97 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVE-2024-32096

Cross-Site Request Forgery CSRF vulnerability in DAEV.Tech WP Migration Plugin DB & Files – WP Synchro.This issue affects WP Migration Plugin DB & Files – WP Synchro: from n/a through 1.11.2...

CVE-2022-1476

The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the /lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users w...

CVE-2024-10942

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replaceserializedvalues' function. This makes it possible for unauthenticated attackers to inject a PHP Objec...

CVE-2024-10942 All in One WP Migration <= 7.89 - Unauthenticated PHP Object Injection

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replaceserializedvalues' function. This makes it possible for unauthenticated attackers to inject a PHP Objec...

CVE-2024-10942 All in One WP Migration <= 7.89 - Unauthenticated PHP Object Injection

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replaceserializedvalues' function. This makes it possible for unauthenticated attackers to inject a PHP Objec...

CVE-2024-10942

The CVE-2024-10942 entry concerns All-in-One WP Migration and Backup for WordPress (

CVE-2024-23506

Insertion of Sensitive Information Into Sent Data vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through = 0.1.0.9...

CVE-2024-9162

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86. This makes it possible for authenticated attackers, with Administrator-level access and above...

WordPress All-in-One WP Migration Plugin <= 7.86 is vulnerable to PHP Object Injection

Software All-in-One WP Migration Type Plugin Vulnerable versions = 7.86 Fixed in 7.87 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-9162 Patch priority Low CVSS severity Low 7.2 Developer ServMask, Inc PSID 44c4c1ddd033 Credits Ryan Kozak Required privilege...

CVE-2024-8852

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full...

CVE-2024-8852

The CVE-2024-8852 entry concerns the All-in-One WP Migration and Backup plugin for WordPress. Affected versions are up to and including 7.86 (per NVD/WP sources) with unauthenticated information disclosure due to publicly accessible error.log files or log data, enabling disclosure of potentially ...

WordPress plugin All-in-One WP Migration and Backup 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

WordPress All-in-One WP Migration and Backup plugin <= 7.86 - Unauthenticated Information Disclosure via Error Logs vulnerability

Unauthenticated Information Disclosure via Error Logs vulnerability discovered by villu164 in WordPress Plugin All-in-One WP Migration versions = 7.86...

WordPress All-in-One WP Migration Plugin <= 7.86 is vulnerable to Sensitive Data Exposure

Software All-in-One WP Migration Type Plugin Vulnerable versions = 7.86 Fixed in 7.87 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-8852 Patch priority Low CVSS severity Low 5.3 Developer ServMask, Inc PSID 1b517ae2c2c6 Credits villu164 Required...