CVE-2021-24216

Summary

The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations.

Affected Software

VendorProductVersion RangeStatus
UnknownAll-in-One WP Migration7.41 < 7.41affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CVE Program Container

Additional References

References