A security flaw has been discovered in the All-in-One WP Migration Extensions plugin [1] [2], specifically in version 7.14 and potentially in prior versions as well. This flaw allows attackers to bypass security measures and perform restricted actions, posing a significant risk to website security.
Description
The security flaw in the All-in-One WP Migration Extensions plugin allows attackers to exploit vulnerabilities and gain unauthorized access to sensitive information. By manipulating access tokens [1] [5], hackers can export the database, plugins [1] [2] [3] [4], themes [3], and uploaded files [3], compromising the integrity of the website. The flaw can be exploited through the /wp-admin/wp-ajax.php endpoint, where an unauthenticated user can trigger the init function without permission or nonce validation. This enables them to modify or delete the access token configurations used by the affected extensions. The vulnerability, assigned CVE-2023-40004 [5], affects all four extensions, with the only difference being in the naming of the ai1wmbe value [5]. The security research team at PatchStack identified this vulnerability and has released patches in the latest versions of the extensions.
Conclusion
To prevent unauthorized access and protect against this security flaw, it is crucial for users to update their plugins immediately to the patched versions mentioned in the security advisory [2]. Implementing permission and nonce validation is also recommended by PatchStack to further enhance security. Failure to address this vulnerability could result in compromised sensitive information and unauthorized access to third-party accounts. It is important for website owners and administrators to remain vigilant and proactive in maintaining the security of their websites.
References
[1] https://mywitan.com/2023/08/30/flaw-exposes-wp-migration-plugin-to-hacks/
[2] https://www.infosecurity-magazine.com/news/flaw-exposes-wp-migration-plugin/
[3] https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-all-in-one-wp-migration-security-bypass-2-0-4/
[4] https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-all-in-one-wp-migration-security-bypass-7-14/
[5] https://patchstack.com/articles/pre-auth-access-token-manipulation-in-all-in-one-wp-migration-extensions/
