A vulnerability in several extensions for the All-in-One WP Migration plugin potentially exposes WordPress websites to attacks leading to sensitive information disclosure.
Maintained by ServMask and installed on more than five million sites, All-in-One WP Migration is a highly popular website-migration plugin that also offers several premium extensions for migrating to third-party storage platforms.
On Wednesday, WordPress security firm Patchstack shared details on a vulnerability impacting All-in-One WP Migration’s Box, Google Drive, OneDrive, and Dropbox extensions that could allow attackers to access sensitive information.
Tracked as CVE-2023-40004 and described as an unauthenticated access token manipulation issue, the bug could allow an attacker without any credentials to tamper with the access token configuration of the affected extension.
“This access token manipulation could result in a potential sensitive information disclosure of migration to the attacker’s controlled third-party account or restore a malicious backup,” Patchstack says.
The flaw resides in the init function of the affected extensions, which is “hooked to the WordPress’s admin_init hook”; that hook can in turn be triggered by an attacker without authentication.
“Since there is no permission and nonce validation on the init function, an unauthenticated user is able to modify or delete the access token used on each of the affected extensions,” Patchstack explains.
On July 18, the WordPress security firm reported the vulnerability to ServMask, which patched the bug in all impacted extensions by “adding permission and nonce validation on the init function”.
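As an added illustration that is not ServMask's code, the following hypothetical PHP shows the bug class Patchstack describes: a settings handler hooked to admin_init with no checks, followed by the same handler with the permission and nonce validation that fixed it. All names here (example_cloud_*, the option key, the nonce action) are assumptions.

```php
<?php
// Hypothetical illustration of the bug class, not code from the affected plugin.
// Both handlers are registered on admin_init, which WordPress also fires for
// unauthenticated requests such as /wp-admin/admin-ajax.php.

// VULNERABLE: no capability check and no nonce check. Any request that reaches
// admin_init and carries the expected parameter can overwrite or delete the
// stored cloud-storage access token.
function example_cloud_init_vulnerable() {
    if ( isset( $_GET['example_cloud_token'] ) ) {
        update_option( 'example_cloud_token', sanitize_text_field( wp_unslash( $_GET['example_cloud_token'] ) ) );
    }
    if ( isset( $_GET['example_cloud_revoke'] ) ) {
        delete_option( 'example_cloud_token' );
    }
}
// add_action( 'admin_init', 'example_cloud_init_vulnerable' ); // shown for contrast only

// HARDENED: the same handler with permission and nonce validation, the kind of
// fix Patchstack reports ServMask applied. Only an administrator who came from
// the plugin's own settings page (and therefore holds a valid nonce) can change
// the token.
function example_cloud_init_hardened() {
    if ( ! isset( $_GET['example_cloud_token'] ) && ! isset( $_GET['example_cloud_revoke'] ) ) {
        return; // nothing to do on ordinary admin_init runs
    }
    // 1. Permission: require a capability, not merely "a request reached admin_init".
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. Nonce: ties the request to a form or link the plugin itself generated.
    $nonce = isset( $_GET['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example_cloud_settings' ) ) {
        wp_die( 'Invalid request.', '', array( 'response' => 403 ) );
    }
    if ( isset( $_GET['example_cloud_token'] ) ) {
        update_option( 'example_cloud_token', sanitize_text_field( wp_unslash( $_GET['example_cloud_token'] ) ) );
    }
    if ( isset( $_GET['example_cloud_revoke'] ) ) {
        delete_option( 'example_cloud_token' );
    }
}
add_action( 'admin_init', 'example_cloud_init_hardened' );

// The settings link or form must carry the matching nonce, for example:
// $url = wp_nonce_url( admin_url( 'admin.php?page=example_cloud' ), 'example_cloud_settings' );
```

A capability check alone is not enough here: without the nonce, a logged-in administrator could still be tricked into changing the token via a cross-site request, so both validations belong together.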
Users are advised to update to All-in-One WP Migration’s Box extension version 1.54, Google Drive extension version 2.80, OneDrive extension version 1.67, and Dropbox extension version 3.76, which were released at the end of July.
More from Ionut Arghire