Description
WordPress Plugin All-in-One WP Migration is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently export a copy of the database, plugins, themes, and uploaded files. WordPress Plugin All-in-One WP Migration version 2.0.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.0.5 or latest
References
Related Vulnerabilities
WordPress Plugin GigPress Cross-Site Scripting (2.3.27)
Drupal Core 7.x Multiple Vulnerabilities (7.0 - 7.42)
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Cross-Site Scripting (1.16.4)
WordPress Plugin Advanced AJAX Page Loader Arbitrary File Upload (2.7.6)
WordPress Plugin WP Meta and Date Remover Cross-Site Request Forgery (1.7.5)