id: CVE-2024-8852 info: name: All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure author: FLX severity: medium description: | The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to unauthenticated information disclosure due to its error.log file being publicly accessible in versions before 7.87. impact: | An unauthenticated attacker can access the error.log file, which may contain sensitive information such as full server path disclosures, backup filenames, and other debugging details. This information could be used in further attacks. remediation: | Update the All-in-One WP Migration and Backup plugin to version 7.87 or later. reference: - https://wpscan.com/vulnerability/9f533098-8435-4ee1-a423-5142070ceefc/ - https://wordpress.org/plugins/all-in-one-wp-migration/#developers classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2024-8852 epss-score: 0.01175 epss-percentile: 0.63453 cwe-id: CWE-532 metadata: verified: true fofa-query: body="/wp-content/plugins/all-in-one-wp-migration" tags: cve,cve2024,wpscan,wp,wordpress,wp-plugin,all-in-one-wp-migration,disclosure,vkev flow: http(1) && http(2) http: - method: GET path: - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-migration/readme.txt" matchers: - type: dsl dsl: - "status_code == 200" - compare_versions(version, '< 7.87') condition: and internal: true extractors: - type: regex name: version part: body group: 1 regex: - "(?mi)Stable tag: ([0-9.]+)" internal: true - method: GET path: - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-migration/storage/error.log" matchers: - type: dsl dsl: - status_code == 200 - contains_all(body, 'Number', 'Message') - contains(tolower(header), 'text/plain') condition: and # digest: 490a0046304402202bcff7b4e81d8dbb2da85de957feddf46ab21935ef7191a2727b70f90398992a02205a754ca2986e0410511d0bba5b26c055f73e3b37f74df6e8e44b09d64090c035:922c64590222798bb761d5b6d8e72950