All-in-One WP Migration <= 2.0.4 - Unauthenticated Database Export
| Description | Unauthenticated users can export a complete copy of the WordPress database, all plugins, themes, and uploaded files. |
Affects Plugin
|
fixed in version 2.0.5
|
References
| METASPLOIT | auxiliary/gather/wp_all_in_one_migration_export |
| URL | http://www.pritect.net/blog/all-in-one-wp-migration-2-0-4-security-vulnerability |
Classification
| Type | AUTHBYPASS |
| OWASP Top 10 | A2: Broken Authentication and Session Management |
| CWE | CWE-287 |
Miscellaneous
| Submitter | James Golovich |
| Submitter Website | http://www.pritect.net |
| Submitter Twitter | Pritect |
| Views | 3353 |
| Verified | Yes |
| WPVDB ID | 7857 |
Timeline
| Publicly Published | 2015-03-19 (about 4 years ago) |
| Added | 2015-03-19 (about 4 years ago) |
| Last Updated | 2018-08-29 (8 months ago) |
Copyright & License
| Copyright | All data and resources contained within this page and this web site is Copyright © The WPScan Team. |
| License | Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us. |
