Search
Find a vulnerability
Search criteria
2 vulnerabilities found for one-stop_wp_migration by servmask
CVE-2021-24216 (GCVE-0-2021-24216)
Vulnerability from nvd – Published: 2022-03-07 08:15 – Updated: 2024-08-03 19:21
VLAI
Title
All-in-One WP Migration < 7.41 - Admin+ Arbitrary File Upload to RCE
Summary
The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations.
Severity
No CVSS data available.
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/87c6052c-2628-49… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2516… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | All-in-One WP Migration |
Affected:
7.41 , < 7.41
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2516181#file8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All-in-One WP Migration",
"vendor": "Unknown",
"versions": [
{
"lessThan": "7.41",
"status": "affected",
"version": "7.41",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "YICHENG LIU-ZTE CHENFENG lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files\u0027 extension, which allows administrators to upload PHP files on their site, even on multisite installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T08:15:55.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2516181#file8"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "All-in-One WP Migration \u003c 7.41 - Admin+ Arbitrary File Upload to RCE",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24216",
"STATE": "PUBLIC",
"TITLE": "All-in-One WP Migration \u003c 7.41 - Admin+ Arbitrary File Upload to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All-in-One WP Migration",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.41",
"version_value": "7.41"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "YICHENG LIU-ZTE CHENFENG lab"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files\u0027 extension, which allows administrators to upload PHP files on their site, even on multisite installations."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2516181#file8",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2516181#file8"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24216",
"datePublished": "2022-03-07T08:15:55.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:21:18.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24216 (GCVE-0-2021-24216)
Vulnerability from cvelistv5 – Published: 2022-03-07 08:15 – Updated: 2024-08-03 19:21
VLAI
Title
All-in-One WP Migration < 7.41 - Admin+ Arbitrary File Upload to RCE
Summary
The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations.
Severity
No CVSS data available.
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/87c6052c-2628-49… | x_refsource_MISC |
| https://plugins.trac.wordpress.org/changeset/2516… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | All-in-One WP Migration |
Affected:
7.41 , < 7.41
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2516181#file8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "All-in-One WP Migration",
"vendor": "Unknown",
"versions": [
{
"lessThan": "7.41",
"status": "affected",
"version": "7.41",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "YICHENG LIU-ZTE CHENFENG lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files\u0027 extension, which allows administrators to upload PHP files on their site, even on multisite installations."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T08:15:55.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2516181#file8"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "All-in-One WP Migration \u003c 7.41 - Admin+ Arbitrary File Upload to RCE",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24216",
"STATE": "PUBLIC",
"TITLE": "All-in-One WP Migration \u003c 7.41 - Admin+ Arbitrary File Upload to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All-in-One WP Migration",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.41",
"version_value": "7.41"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "YICHENG LIU-ZTE CHENFENG lab"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files\u0027 extension, which allows administrators to upload PHP files on their site, even on multisite installations."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2516181#file8",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2516181#file8"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24216",
"datePublished": "2022-03-07T08:15:55.000Z",
"dateReserved": "2021-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:21:18.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}