All-in-One WP Migration Unlimited Extension Missing Authorization Vulnerability Allowing Arbitrary Backup Schedule Creation and Download

Vulnerability

A missing authorization vulnerability has been identified in the All-in-One WP Migration Unlimited Extension for WordPress, affecting versions through 2.83. The issue arises because the 'Ai1wmve_Schedules_Controller::save' handler for 'admin_post_ai1wm_schedule_event_save' fails to verify user capabilities before saving schedule data. This vulnerability enables authenticated attackers with subscriber-level access and above to create scheduled export jobs and send backup notifications to email addresses controlled by the attacker. These notifications include the random backup filename, allowing full site backups to be downloaded from the target site, which could result in the exposure of sensitive information.

Impact

Exploitation of this vulnerability allows for unauthorized creation of backup schedules and downloading of backup files, potentially leading to exposure of sensitive information from the affected WordPress site.

Remediation

Users are advised to update the All-in-One WP Migration Unlimited Extension to version 2.84 or a newer patched version.
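Until the update can be applied, the missing capability check can be enforced from outside the plugin. The must-use plugin below is an added example, not code from the vendor or from this advisory. It assumes that only users with `manage_options` should manage backup schedules; the function and constant names are hypothetical. It does not replace updating to a patched version.

```php
<?php
/**
 * Plugin Name: Schedule-save capability guard (temporary mitigation, example)
 * Description: Rejects ai1wm_schedule_event_save requests from users who lack
 *              the required capability. Place in wp-content/mu-plugins/.
 */

defined( 'ABSPATH' ) || exit;

// Assumption: schedule management is an administrator-only task on this site.
const EXAMPLE_SCHEDULE_GUARD_CAP = 'manage_options';

/**
 * WordPress fires admin_post_{action} for every logged-in user, including
 * subscribers, so the capability must be checked inside the hook itself.
 */
function example_schedule_guard() {
	if ( current_user_can( EXAMPLE_SCHEDULE_GUARD_CAP ) ) {
		return; // Authorized: fall through to the plugin's own handler.
	}

	// Record the denied attempt so it can be reviewed or alerted on.
	$user = wp_get_current_user();
	$ip   = isset( $_SERVER['REMOTE_ADDR'] )
		? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
		: 'unknown';
	error_log( sprintf(
		'[schedule-guard] denied ai1wm_schedule_event_save user_id=%d login=%s ip=%s',
		$user->ID,
		$user->user_login,
		$ip
	) );

	// wp_die() ends the request, so callbacks at later priorities never run.
	wp_die(
		'You are not allowed to manage backup schedules.',
		'Forbidden',
		array( 'response' => 403 )
	);
}

// PHP_INT_MIN priority runs this guard before any other callback on the hook.
add_action( 'admin_post_ai1wm_schedule_event_save', 'example_schedule_guard', PHP_INT_MIN );
```

Entries written by this guard in the PHP error log identify accounts that attempted the request without the required capability.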

Added: May 6, 2026, 4:19 AM
Updated: May 6, 2026, 4:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.8
remediation: 0.0
relevance: 7.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.