Vulnerability Details CVE-2022-1476
The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users who have access to the site's secret key.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.232
EPSS Ranking 95.7%
CVSS Severity
CVSS v3 Score 6.6
CVSS v2 Score 5.5
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2715609%40all-in-one-wp-migration&new=2715609%40all-in-one-wp-migration&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e58634c3-7fcd-4885-b897-4e6a97fb06ac?source=cve
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1476
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2715609%40all-in-one-wp-migration&new=2715609%40all-in-one-wp-migration&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e58634c3-7fcd-4885-b897-4e6a97fb06ac?source=cve
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1476
Products affected by CVE-2022-1476
-
cpe:2.3:a:servmask:all-in-one_wp_migration:-
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.39
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.40
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.41
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.42
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.43
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.44
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.45
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.46
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.47
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.48
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.49
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.50
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.51
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.52
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.53
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.54
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.55
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.56
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.57
-
cpe:2.3:a:servmask:all-in-one_wp_migration:7.58