CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24216

The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 73.6%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 6.5

References

https://plugins.trac.wordpress.org/changeset/2516181#file8
https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083
https://plugins.trac.wordpress.org/changeset/2516181#file8
https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083

Products affected by CVE-2021-24216

Servmask » One-Stop Wp Migration » Version: N/A

cpe:2.3:a:servmask:one-stop_wp_migration:-
Servmask » One-Stop Wp Migration » Version: 7.39

cpe:2.3:a:servmask:one-stop_wp_migration:7.39
Servmask » One-Stop Wp Migration » Version: 7.40

cpe:2.3:a:servmask:one-stop_wp_migration:7.40

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24216

Products

Pricing

Contact Us