Missing Authorization Vulnerability Affects All-in-One WP Migration Box Extension
CVE-2023-40004

7.3 HIGH

Key Information:

Vendor
ServMask
Status
All-in-One WP Migration Box Extension
All-in-One WP Migration OneDrive Extension
All-in-One WP Migration Dropbox Extension
All-in-One WP Migration Google Drive Extension
CVE Published: 19 June 2024

Summary

A missing authorization vulnerability has been identified in multiple extensions of the ServMask All-in-One WP Migration plugin. This flaw allows unauthorized access to sensitive functionalities, enabling potential attackers to manipulate access tokens across the affected extensions. The vulnerability impacts specific versions of the Box, OneDrive, Dropbox, and Google Drive extensions, leaving installations of the All-in-One WP Migration plugin susceptible to exploitation. Users of these extensions should assess their current versions and apply necessary updates to mitigate risks associated with unauthorized access.

Affected Version(s)

All-in-One WP Migration Box Extension <= 1.53

All-in-One WP Migration Dropbox Extension <= 3.75

All-in-One WP Migration Google Drive Extension <= 2.79

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)