A vulnerability in multiple All-in-One WP Migration plugin extensions may expose WordPress websites to attacks that result in the disclosure of sensitive data.
All-in-One WP Migration is a very well-liked plugin for moving websites that also offers several premium extensions for migrating to third-party platforms. It has more than five million installations and is maintained by ServMask.
The Box, Google Drive, OneDrive, and Dropbox extensions from All-in-One WP Migration have a vulnerability that could let hackers access sensitive data, according to WordPress security company Patchstack.
The bug, identified as CVE-2023-40004 and categorized as an unauthenticated access token manipulation issue, could give an unauthenticated attacker access to change the extension’s access token settings.
Read More: Vulnerability in WordPress Migration Plugin Exposes Websites to Attacks
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.