Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:servmask:all-in-one_wp_migration:7.44:*:*:*:*:wordpress:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-2546 |
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response that will be executed in the victims session. Note: This requires knowledge of a static secret key Published: February 02, 2023; 4:15:08 AM -0500 |
V4.0:(not available) V3.1: 4.7 MEDIUM V2.0:(not available) |
CVE-2022-1476 |
The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users who have access to the site's secret key. Published: May 10, 2022; 4:15:08 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 5.5 MEDIUM |