CVE-2021-24216

Published: Mar 7, 2022Modified: Jun 17, 2026

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations.

Affected (1)

Products: Servmask: One Stop Wp Migration

Servmask

1 product

One Stop Wp Migration

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Servmask One Stop Wp Migration	Before 7.41

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://plugins.trac.wordpress.org/changeset/2516181#file8

Source: contact@wpscan.com

PatchThird Party Advisory

https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083

Source: contact@wpscan.com

ExploitThird Party Advisory

https://plugins.trac.wordpress.org/changeset/2516181#file8

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://wpscan.com/vulnerability/87c6052c-2628-4987-a9a3-a03b5ca1e083

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.