CVE-2021-24216

The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
servmaskone-stop_wp_migration
𝑥
< 7.41
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/changeset/2516181#file8
https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083
https://plugins.trac.wordpress.org/changeset/2516181#file8
https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083