All in One WordPress Migration Vulnerability

Posted on 18/07/2019 by Jamie Martin

A vulnerability has been discovered in the "All In One WordPress Migration" WordPress plugin.

All versions up to and including 6.97 contain a Cross-Site Scripting (XSS) vulnerability.

With over 2 million active installations, this vulnerability has the potential to be high impact. However, this is lessened by the nature of the vulnerability, which requires either an admin account or a database compromise to already be in place (e.g. your site or hosting account would already have had to be hacked via another method for this to work).

The vulnerability can be tested by going to the backup history within your WordPress admin dashboard and double-clicking the backup description. The edit box accepts un-sanitised input, which allows malicious users to run queries on the database.

All users should upgrade to version 7.0 or above (released on July 17th 2019) immediately to avoid any potential compromise of their website.
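
To find installs that are still below 7.0, the following added example (not from the original post or the plugin's authors) walks a plugins directory, reads each plugin file's standard WordPress header, and flags copies older than the fixed release. Matching the plugin by its "Plugin Name" header text is an assumption, and the sample header in `demo()` is constructed.

```python
import os
import re
import tempfile

FIXED = (7, 0, 0)  # per the advisory, 7.0 is the first fixed release
# Assumption: the plugin is identified by its "Plugin Name" header text.
NAME_RE = re.compile(r"all.in.one.*migration", re.I)
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)

def parse_header(text):
    """Extract the Plugin Name and Version fields from a plugin file header."""
    return {k.lower(): v.strip() for k, v in HEADER_RE.findall(text)}

def is_affected(version):
    """True below 7.0; a missing or unparseable version fails closed."""
    nums = [int(n) for n in re.findall(r"\d+", version or "")][:3]
    if not nums:
        return True
    return tuple(nums + [0] * (3 - len(nums))) < FIXED

def audit(plugins_dir):
    """Return (folder, version, affected) for each matching plugin folder."""
    findings = []
    for folder in sorted(os.listdir(plugins_dir)):
        path = os.path.join(plugins_dir, folder)
        if not os.path.isdir(path):
            continue
        for fname in sorted(f for f in os.listdir(path) if f.endswith(".php")):
            with open(os.path.join(path, fname), encoding="utf-8", errors="replace") as fh:
                meta = parse_header(fh.read(8192))  # header sits at the top of the file
            if NAME_RE.search(meta.get("plugin name", "")):
                version = meta.get("version", "")
                findings.append((folder, version, is_affected(version)))
    return findings

def demo():
    """Audit a constructed plugins directory holding one old and one fixed copy."""
    header = "<?php\n/**\n * Plugin Name: All-in-One WP Migration\n * Version: {v}\n */\n"
    with tempfile.TemporaryDirectory() as root:
        for folder, v in (("old-copy", "6.97"), ("new-copy", "7.0")):
            os.makedirs(os.path.join(root, folder))
            with open(os.path.join(root, folder, "main.php"), "w") as fh:
                fh.write(header.format(v=v))
        return audit(root)

if __name__ == "__main__":
    for folder, version, affected in demo():
        print(f"{folder}: {version} {'AFFECTED' if affected else 'ok'}")
```

Point `audit()` at a site's `wp-content/plugins` directory to check a real install; any entry reported as affected should be upgraded as described above.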

© Copyright 2019 FreshSites Limited. Registered in England and Wales no. 7812509