CVE-2023-40004

Summary

Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box Extension: from n/a through 1.53; All-in-One WP Migration OneDrive Extension: from n/a through 1.66; All-in-One WP Migration Dropbox Extension: from n/a through 3.75; All-in-One WP Migration Google Drive Extension: from n/a through 2.79.

Affected Software

VendorProductVersion RangeStatus
ServMaskAll-in-One WP Migration Box Extensionn/a <= 1.53affected
ServMaskAll-in-One WP Migration OneDrive Extensionn/a <= 1.66affected
ServMaskAll-in-One WP Migration Dropbox Extensionn/a <= 3.75affected
ServMaskAll-in-One WP Migration Google Drive Extensionn/a <= 2.79affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References