Vulnerabilities > Servmask

DATE CVE VULNERABILITY TITLE RISK
2023-02-02 CVE-2022-2546 Unspecified vulnerability in Servmask All-In-One WP Migration
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response that will be executed in the victims session.
network
high complexity
servmask
4.7
2022-05-10 CVE-2022-1476 Unspecified vulnerability in Servmask All-In-One WP Migration
The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58.
network
low complexity
servmask
6.5
2022-03-07 CVE-2021-24216 Unrestricted Upload of File with Dangerous Type vulnerability in Servmask One-Stop WP Migration 7.39/7.40
The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations.
network
low complexity
servmask CWE-434
6.5