WordPress Migration Plugin’s Vulnerability Leaves Websites Open to Attacks

WordPress Migration Plugin's Vulnerability Leaves Websites Open to Attacks

A vulnerability in multiple All-in-One WP Migration plugin extensions may expose WordPress websites to attacks that result in the disclosure of sensitive data.

All-in-One WP Migration is a very well-liked plugin for moving websites that also offers several premium extensions for migrating to third-party platforms. It has more than five million installations and is maintained by ServMask.

The Box, Google Drive, OneDrive, and Dropbox extensions from All-in-One WP Migration have a vulnerability that could let hackers access sensitive data, according to WordPress security company Patchstack.

The bug, identified as CVE-2023-40004 and categorized as an unauthenticated access token manipulation issue, could give an unauthenticated attacker access to change the extension’s access token settings.

Read More: Vulnerability in WordPress Migration Plugin Exposes Websites to Attacks

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.