CVE-2022-1476
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
10/05/2022
Last modified:
08/04/2026
Description
The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users who have access to the site's secret key.
Impact
Base Score 3.x
6.60
Severity 3.x
MEDIUM
Base Score 2.0
5.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:servmask:all-in-one_wp_migration:*:*:*:*:*:wordpress:*:* | 7.58 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2715609%40all-in-one-wp-migration&new=2715609%40all-in-one-wp-migration
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e58634c3-7fcd-4885-b897-4e6a97fb06ac?source=cve
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1476
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2715609%40all-in-one-wp-migration&new=2715609%40all-in-one-wp-migration
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e58634c3-7fcd-4885-b897-4e6a97fb06ac?source=cve
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1476