ThreatPress

WordPress Vulnerabilities Database

Back

WordPress All-in-One WP Migration plugin <= 6.97 - Cross-Site Scripting (XSS) vulnerability (admin backend)

Product
All-in-One WP Migration
Description
Cross-Site Scripting (XSS) vulnerability (admin backend) found by Connum in WordPress All-in-One WP Migration plugin (versions <= 6.97).
Solution
Update the WordPress All-in-One WP Migration plugin to the latest available version (at least 7.0).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 6.97
Fixed In 7.0
Disclosure date
2019-07-18
Credits
Connum
Submitter
ThreatPress