Description
WordPress Plugin All-in-One WP Migration is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently export a copy of the database, plugins, themes, and uploaded files. WordPress Plugin All-in-One WP Migration version 2.0.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.0.5 or latest
References
Related Vulnerabilities
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8295)
MongoDb Improper Handling of Exceptional Conditions Vulnerability (CVE-2020-7926)
MySQL CVE-2014-4243 Vulnerability (CVE-2014-4243)
WordPress 4.2.x Cross-Site Scripting Vulnerability (4.2 - 4.2.5)
WordPress Plugin GD Star Rating 'de' Parameter SQL Injection (1.9.10)