Vulnerabilities and Security Researches

All-in-One WP Migration, CVE-2021-24216

CVE, Research URL: CVE-2021-24216
Home page URL: Security reports for All-in-One WP Migration
Application: All-in-One WP Migration
Published on: Mar 07, 2022
Research Description: The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations.
Affected versions: Min -, max 7.41.
Status: vulnerable