All-in-One WP Migration <= 7.58 - Directory Traversal to File Deletion on Windows Hosts
CVE-2022-1476

6.6MEDIUM

Key Information:

Vendor: Wordpress
Status: All-in-one WP Migration
Vendor: CVE Published:; 10 May 2022

Summary

The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users who have access to the site's secret key.

Affected Version(s)

All-in-One WP Migration 7.58

References

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

x_refsource_MISC

https://www.wordfence.com/vulnerability-advisories/#CVE-2...

x_refsource_MISC

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2022
Vulnerability Reserved
Apr 26, 2022

Credit

haidv35 from Viettel Cyber Security