CVE-2024-8852

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.86 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information such as full paths contained in the exposed log files.
Configurations

Configuration 1 (hide)

cpe:2.3:a:servmask:all-in-one_wp_migration:*:*:*:*:free:wordpress:*:*

History

25 Oct 2024, 21:20

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:servmask:all-in-one_wp_migration:*:*:*:*:free:wordpress:*:*
First Time Servmask
Servmask all-in-one Wp Migration
References () https://plugins.trac.wordpress.org/browser/all-in-one-wp-migration/tags/7.86/functions.php#L297 - () https://plugins.trac.wordpress.org/browser/all-in-one-wp-migration/tags/7.86/functions.php#L297 - Product
References () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3168605%40all-in-one-wp-migration&new=3168605%40all-in-one-wp-migration&sfp_email=&sfph_mail= - () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3168605%40all-in-one-wp-migration&new=3168605%40all-in-one-wp-migration&sfp_email=&sfph_mail= - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/c4901d9d-7b37-40d5-a42b-59c80bbbe8ff?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/c4901d9d-7b37-40d5-a42b-59c80bbbe8ff?source=cve - Third Party Advisory

23 Oct 2024, 15:12

Type Values Removed Values Added
Summary
  • (es) El complemento All-in-One WP Migration and Backup para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 7.86 incluida, a través de archivos de registro expuestos públicamente. Esto permite que atacantes no autenticados vean información potencialmente confidencial, como las rutas completas contenidas en los archivos de registro expuestos.

22 Oct 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-22 06:15

Updated : 2024-10-25 21:20


NVD link : CVE-2024-8852

Mitre link : CVE-2024-8852

CVE.ORG link : CVE-2024-8852


JSON object : View

Products Affected

servmask

  • all-in-one_wp_migration
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor