CVE-2022-1476

The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users who have access to the site's secret key.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:servmask:all-in-one_wp_migration:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-05-10 13:15

Updated : 2022-05-18 08:14


NVD link : CVE-2022-1476

Mitre link : CVE-2022-1476


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

servmask

  • all-in-one_wp_migration