7.3

CVE-2023-40004

Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins

Multiple ServMask Plugins <= (Various Versions) - Missing Authorization to Access Token Update

Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension. This issue affects All-in-One WP Migration Box Extension: from n/a through 1.53; All-in-One WP Migration OneDrive Extension: from n/a through 1.66; All-in-One WP Migration Dropbox Extension: from n/a through 3.75; All-in-One WP Migration Google Drive Extension: from n/a through 2.79.
Possible mitigation
All-in-One WP Migration Box Extension: Update to version 1.54, or a newer patched version
All-in-One WP Migration Dropbox Extension: Update to version 3.76, or a newer patched version
All-in-One WP Migration Google Drive Extension: Update to version 2.80, or a newer patched version
All-in-One WP Migration OneDrive Extension: Update to version 1.67, or a newer patched version
Data provided by the CVE Program from Authorized Data Publishers (ADP) (unstructured)
Vendor: servmask
Product: all-in-one_wp_migration
Default status: unknown
Version: 1.54, Status: affected
Version: 2.80, Status: affected
Version: 1.67, Status: affected
Version: 3.76, Status: affected
Further vulnerability information
System: WordPress Plugin
Product: All-in-One WP Migration Box Extension
Version: *-1.53
System: WordPress Plugin
Product: All-in-One WP Migration Dropbox Extension
Version: *-3.75
System: WordPress Plugin
Product: All-in-One WP Migration Google Drive Extension
Version: *-2.79
System: WordPress Plugin
Product: All-in-One WP Migration OneDrive Extension
Version: *-1.66
No warning was found for this CVE.
EPSS metrics
Type: EPSS
Source: FIRST.org
Score: 9.67%
Percentile: 0.949
CVSS metrics
Source: audit@patchstack.com
Base Score: 7.3
Exploit Score: 3.9
Impact Score: 3.4
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://patchstack.com/articles/pre-auth-access-token-manipulation-in-all-in-one-wp-migration-extensions?_s_id=cve
https://patchstack.com/database/vulnerability/all-in-one-wp-migration-box-extension/wordpress-all-in-one-wp-migration-box-extension-plugin-1-53-unauthenticated-access-token-manipulation-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/all-in-one-wp-migration-dropbox-extension/wordpress-all-in-one-wp-migration-dropbox-extension-plugin-3-75-unauthenticated-access-token-manipulation-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/all-in-one-wp-migration-gdrive-extension/wordpress-all-in-one-wp-migration-google-drive-extension-plugin-2-79-unauthenticated-access-token-manipulation-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/all-in-one-wp-migration-onedrive-extension/wordpress-all-in-one-wp-migration-onedrive-extension-plugin-1-66-unauthenticated-access-token-manipulation-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/86bb44f0-142d-4c4e-8fc5-a50526118130
Third Party Advisory