All-in-One WP Migration 7.0 Patches XSS Vulnerability

Those who use the All-in-One WP Migration plugin are encouraged to update to version 7.0 as soon as possible, as 6.97 contains an admin backend cross-site scripting vulnerability.

An attacker would already have to either compromise the database or gain access to a user account with high enough privileges to view the backup history, so some harm has already been done, but such an attacker could then also insert some XSS in order to compromise other admin users.

When double-clicking the backup description on the backup history overview page in order to edit the description text, the text is not sanitized/escaped via HTML entities when generating the input field.

Vulnerability Description
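The missing escaping described above, sketched as an added example (not the plugin's code, which this page does not show). It assumes the edit field is built by concatenating the stored description into markup; the function names, the `backup-description` class and the sample description are constructed for illustration.

```javascript
// Added illustration; not All-in-One WP Migration code. All names are hypothetical.

// Encode the five characters that can end an attribute value or open a tag.
function escapeHtml(text) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Reverse of escapeHtml, standing in for the browser's attribute decoding.
function decodeHtml(text) {
  const chars = { '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'", '&amp;': '&' };
  return text.replace(/&(?:lt|gt|quot|#39|amp);/g, (ent) => chars[ent]);
}

// Pattern described in the article: stored description pasted into markup as-is.
function renderEditFieldUnsafe(description) {
  return '<input type="text" class="backup-description" value="' + description + '">';
}

// Hardened form: the description is entity-encoded before it reaches the markup.
function renderEditFieldSafe(description) {
  return '<input type="text" class="backup-description" value="' + escapeHtml(description) + '">';
}

// What an HTML parser would take as the field's value: everything up to the
// first unescaped double quote after value=".
function parsedValue(markup) {
  const match = /value="([^"]*)"/.exec(markup);
  return match ? decodeHtml(match[1]) : null;
}

// Constructed sample description containing a quote and markup characters.
const stored = 'Nightly "prod" backup <b>v2</b> & logs';

console.log(parsedValue(renderEditFieldUnsafe(stored))); // value ends at the stray quote
console.log(parsedValue(renderEditFieldSafe(stored)));   // full description round-trips
```

In the unescaped version everything after the first quote leaves the `value` attribute and is parsed as markup, which is what makes the field injectable. In a browser, assigning the text to `input.value` on a created element avoids building markup from stored data altogether.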

Version 7.0 was released on the plugin directory about a day ago and patches the vulnerability. According to the stats on the WordPress plugin directory, All-in-One WP Migration is actively installed on more than two million sites.

A proof of concept will be published on July 24th, which gives site owners about a week to update. Unfortunately, users who view the changelog before updating will be unable to determine that it patches a security issue, because the patch is labeled as a standard fix.

Updated July 19th

All-in-One WP Migration has released a new update that addresses a distinct security issue that was introduced in 7.0. Users are strongly encouraged to update to 7.1 as soon as possible.