CVE-2021-24216: All-in-One WP Migration < 7.41 - Admin+ Arbitrary File Upload to RCE

Vendor: Unknown
Product: All-in-One WP Migration
Weakness: CWE-434 (Unrestricted file upload)
Published: March 7, 2022
Last update: August 3, 2024

What the vulnerability does

01 Description

The All-in-One WP Migration WordPress plugin before 7.41 does not validate the extension of uploaded files, which allows administrators to upload PHP files to their site, even on multisite installations.

Key dates

02 Disclosure timeline

March 7, 2022: CVE published
August 3, 2024: Record updated