CVE-2021-24216 Information
Jun 07, 2022
cve
Description
The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files’ extension which allows administrators to upload PHP files on their site even on multisite installations.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Reference
https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083 https://plugins.trac.wordpress.org/changeset/2516181#file8
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction Required
HIGH
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.2
Share on: