exploitDog

GHSA-qjj4-mxpm-p3m8

Опубликовано: 11 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users who have access to the site's secret key.

The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users who have access to the site's secret key.

Ссылки

EPSS

Процентиль: 97%

0.35315

Средний

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2022-1476

CVSS3: 6.6

nvd

больше 3 лет назад

The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users who have access to the site's secret key.

EPSS

Процентиль: 97%

0.35315

Средний

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-22