All-in-One WP Migration < 7.15 - Arbitrary Backup Download



Description
Backup filenames lack sufficient randomness, which could allow unauthenticated attackers to guess them and download the backups.

Affects Plugin

Fixed in version 7.15

References

URL https://vavkamil.cz/2020/03/25/all-in-one-wp-migration/

Classification

Type PRIVESC
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-269

Miscellaneous

Original Researcher vavkamil
Verified No
WPVDB ID 10151

Timeline

Publicly Published 2020-03-25 (9 days ago)
Added 2020-03-25 (8 days ago)
Last Updated 2020-03-26 (8 days ago)
