Description The plugins do not have authorisation in the init() function hooked to the admin_init action, allowing unauthenticated attackers to update the access token
With the All-in-One WP Migration Box Extension installed, open the below URL as unauthenticated: https://example.com/wp-admin/admin-ajax.php?ai1wmbe_token=AAAA