CVE-2021-24216

EUVD-2021-11130
The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
servmaskone-stop_wp_migration
𝑥
< 7.41
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://plugins.trac.wordpress.org/changeset/2516181#file8
https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083
https://plugins.trac.wordpress.org/changeset/2516181#file8
https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083