Vulnerability noted in WordPress Plugin All-in-One WP Migration version 6.97

The WordPress Plugin “All-In-One WP Migration” is a popular one (2+ million active installations) and a recent version has been noted with a vulnerability:

All-in-One WP Migration <= 6.97 – XSS in admin backend

Description : An attacker would already have to be able to either compromise the database or gain access to a user account with high enough privileges to view the backup history, so some damage has already been done, but such an attacker could then also insert some XSS in order to compromise other admin users.

When double-clicking the backup description on the backup history overview page, in order to edit the description text, the text is not sanitized/escaped via html entities when generating the input field.

This has been reported to the plugin author on 2 July 2019 and confirmed to be fixed in version 7.0 on 17 July 2019.

Proof of Concept: The PoC will be displayed on July 24, 2019, to give users the time to update.

###

If this is a plugin you have on your site…update it ASAP!

Scott E

[the_ad_group id=”1811″]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s