Description
WordPress Plugin All-in-One WP Migration is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to delete arbitrary files in the context of the webserver process. WordPress Plugin All-in-One WP Migration version 7.58 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 7.59 or latest
References
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1476
https://plugins.svn.wordpress.org/all-in-one-wp-migration/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin My Calendar Multiple Cross-Site Scripting Vulnerabilities (2.3.9)
PHP Resource Management Errors Vulnerability (CVE-2010-2093)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3412)
WordPress Plugin Edwiser Bridge-WordPress Moodle LMS Integration Unspecified Vulnerability (2.0.7)
WordPress Plugin YITH WooCommerce Wishlist SQL Injection (2.1.2)