What is the severity of CVE-2024-9162?

CVE-2024-9162 has a critical severity rating due to the potential for arbitrary PHP code execution.

Who is affected by CVE-2024-9162?

CVE-2024-9162 affects users of the All-in-One WP Migration and Backup plugin for WordPress, specifically those using versions up to 7.86.

How do I fix CVE-2024-9162?

To fix CVE-2024-9162, update the All-in-One WP Migration and Backup plugin to the latest version beyond 7.86.

What can an attacker do with CVE-2024-9162?

An authenticated attacker can exploit CVE-2024-9162 to inject arbitrary PHP code, potentially gaining full control over the affected WordPress site.

Is there a patch available for CVE-2024-9162?

Yes, a patch is included in the plugin updates following version 7.86 to address the vulnerability in CVE-2024-9162.

Vulnerability/
CVE-2024-9162

high

7.2

CWE

EPSS

0.103%

28/10/2024

CVE-2024-9162: All-in-One WP Migration and Backup <= 7.86 - Authenticated (Administrator+) Arbitrary PHP Code Injection

First published: Mon Oct 28 2024(Updated: )

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to arbitrary PHP Code Injection due to missing file type validation during the export in all versions up to, and including, 7.86. This makes it possible for authenticated attackers, with Administrator-level access and above, to create an export file with the .php extension on the affected site's server, adding an arbitrary PHP code to it, which may make remote code execution possible.

Credit: security@wordfence.com

Affected Software	Affected Version	How to fix
All-in-One WP Migration	<=7.86

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-9162?
CVE-2024-9162 has a critical severity rating due to the potential for arbitrary PHP code execution.
Who is affected by CVE-2024-9162?
CVE-2024-9162 affects users of the All-in-One WP Migration and Backup plugin for WordPress, specifically those using versions up to 7.86.
How do I fix CVE-2024-9162?
To fix CVE-2024-9162, update the All-in-One WP Migration and Backup plugin to the latest version beyond 7.86.
What can an attacker do with CVE-2024-9162?
An authenticated attacker can exploit CVE-2024-9162 to inject arbitrary PHP code, potentially gaining full control over the affected WordPress site.
Is there a patch available for CVE-2024-9162?
Yes, a patch is included in the plugin updates following version 7.86 to address the vulnerability in CVE-2024-9162.

agent/references
agent/title
agent/weakness
agent/description
agent/first-publish-date
agent/type
agent/severity
agent/author
agent/event
collector/nvd-api
source/NVD
agent/last-modified-date
collector/mitre-cve
source/MITRE
agent/trending
collector/epss-latest
source/FIRST
agent/epss
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/all-in-one wp migration
canonical/all-in-one wp migration

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.