CVE-2024-8852
📋 TL;DR
The All-in-One WP Migration and Backup plugin for WordPress exposes sensitive information through publicly accessible log files. Unauthenticated attackers can view potentially sensitive data like full server paths. All WordPress sites using this plugin up to version 7.86 are affected.
💻 Affected Systems
- All-in-One WP Migration and Backup plugin for WordPress
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain full server paths, database credentials, or other sensitive configuration details leading to further attacks like directory traversal or targeted exploitation.
Likely Case
Attackers discover server paths and directory structures, enabling reconnaissance for additional vulnerabilities or targeted attacks.
If Mitigated
Limited exposure of non-critical path information with minimal impact if proper access controls and monitoring are in place.
🎯 Exploit Status
Exploitation requires only accessing publicly exposed log files via HTTP requests.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.87 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'All-in-One WP Migration and Backup'.
4. Click 'Update Now' if available.
5. Alternatively, download version 7.87+ from the WordPress plugin repository and update manually.
🔧 Temporary Workarounds
Restrict access to log files
Add .htaccess rules to block public access to plugin log directories
# Add to .htaccess in WordPress root
<Files "*.log">
    # Apache 2.4 (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2, or 2.4 with mod_access_compat loaded
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</Files>
# Block access to plugin log directory (mod_alias)
RedirectMatch 403 "^/wp-content/plugins/all-in-one-wp-migration/.*\.log$"
Disable plugin temporarily
Deactivate the plugin until patched if an immediate update is not possible
wp plugin deactivate all-in-one-wp-migration
🧯 If You Can't Patch
- Remove or restrict public access to the plugin's log directory via web server configuration
- Implement web application firewall rules to block requests to .log files
🔍 How to Verify
Check if Vulnerable:
Check whether the installed plugin version is 7.86 or earlier, either on the WordPress admin Plugins page or by examining /wp-content/plugins/all-in-one-wp-migration/readme.txt
Check Version:
wp plugin get all-in-one-wp-migration --field=version
Verify Fix Applied:
Confirm the plugin version is 7.87 or later, and test that requesting /wp-content/plugins/all-in-one-wp-migration/*.log returns 403 or 404
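The version check above is easy to get wrong if versions are compared as strings ("7.9" sorts after "7.86" even though it is the older release). The following is an added example, not code from the advisory or from the plugin, that reads the Stable tag field from a readme.txt (assumed to carry the release version, as standard plugin readmes do) and compares it numerically against the 7.86 cut-off stated on this page. The readme fragment is constructed for illustration.

```python
import re

# Last affected release per the advisory: 7.86 and earlier; fixed in 7.87.
LAST_AFFECTED = (7, 86)


def parse_version(version):
    """Turn a dotted plugin version ('7.86', '7.87.1') into a tuple of ints.

    Tuple comparison avoids the string-comparison trap where '7.9' > '7.86'
    even though 7.9 is the older release. A non-numeric suffix such as
    '-beta' is dropped from the component it is attached to.
    """
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(parts)


def is_affected(version):
    """True if the version is 7.86 or earlier."""
    return parse_version(version) <= LAST_AFFECTED


def stable_tag_from_readme(readme_text):
    """Extract the 'Stable tag:' field from a WordPress plugin readme.txt.

    Assumption: the Stable tag line is where the readme records the
    release version; the advisory only says to examine readme.txt.
    """
    m = re.search(r"^Stable tag:\s*(\S+)", readme_text,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def check_readme(readme_text):
    """Return the version found and whether it falls in the affected range."""
    tag = stable_tag_from_readme(readme_text)
    if tag is None:
        return {"version": None, "affected": None}
    return {"version": tag, "affected": is_affected(tag)}


# Constructed readme fragment for illustration (not the plugin's real file).
SAMPLE_README = """=== All-in-One WP Migration and Backup ===
Contributors: example
Requires at least: 3.3
Tested up to: 6.6
Stable tag: 7.86
"""

if __name__ == "__main__":
    print(check_readme(SAMPLE_README))
```

On a live install, feed `check_readme` the contents of the plugin's readme.txt; a result of `{"affected": None}` means the field was not found and the version should be read from the admin Plugins page or `wp plugin get` instead.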
📡 Detection & Monitoring
Log Indicators:
- HTTP 200 responses to .log file requests in web server logs
- Unusual access patterns to plugin directories
Network Indicators:
- GET requests to paths containing '/all-in-one-wp-migration/' and '.log' extension
SIEM Query:
source="web_server_logs" AND (uri="/wp-content/plugins/all-in-one-wp-migration/*.log" OR uri LIKE "%.log") AND response="200"
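As an added example, not part of the original advisory, the detection logic above applied to raw web server access logs in the common "combined" format. It separates confirmed exposures (HTTP 200 for a .log under the plugin directory) from probes (the same request answered with any other status, as after the fix or the .htaccess workaround), and it normalises the request path before matching so that query strings, percent-encoding and case changes do not hide a hit. Unlike the generic `LIKE "%.log"` clause in the SIEM query, it is scoped to the plugin directory named on this page. The log lines, IPs and the log file name are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Directory whose .log files the advisory says are publicly readable.
PLUGIN_DIR = "/wp-content/plugins/all-in-one-wp-migration/"

# Apache/Nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one access-log line; return a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    # Normalise the request target before matching: drop the query string,
    # decode percent-encoding and lower-case, so "/WP-CONTENT/...%2Elog?x=1"
    # is treated the same as the plain path.
    entry["path"] = unquote(urlsplit(entry["target"]).path).lower()
    entry["status"] = int(entry["status"])
    return entry


def targets_plugin_log(entry):
    """True if the normalised path is a .log file under the plugin directory."""
    path = entry["path"]
    return path.startswith(PLUGIN_DIR) and path.endswith(".log")


def summarize(lines):
    """Split plugin .log requests into confirmed exposures (HTTP 200) and probes.

    A 200 means the server handed the log file out. Any other status for the
    same request (403/404 after the fix or the workaround) still shows that
    someone was looking for it and is worth alerting on.
    """
    result = {"exposed": [], "probed": []}
    for line in lines:
        entry = parse_line(line)
        if entry is None or not targets_plugin_log(entry):
            continue
        record = (entry["ip"], entry["path"], entry["status"], entry["ts"])
        bucket = "exposed" if entry["status"] == 200 else "probed"
        result[bucket].append(record)
    return result


# Constructed sample log lines (documentation-range IPs, made-up file name).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2024:13:55:36 +0000] "GET /wp-content/plugins/all-in-one-wp-migration/example.log HTTP/1.1" 200 1842 "-" "curl/8.4.0"',
    '203.0.113.5 - - [10/Oct/2024:13:55:40 +0000] "GET /WP-CONTENT/plugins/all-in-one-wp-migration/example%2Elog?x=1 HTTP/1.1" 404 0 "-" "curl/8.4.0"',
    '198.51.100.7 - - [10/Oct/2024:13:56:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2024:13:56:10 +0000] "GET /wp-content/uploads/notes.log HTTP/1.1" 200 77 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    for bucket, hits in summarize(SAMPLE_LOG).items():
        for ip, path, status, ts in hits:
            print(f"{bucket:8} {ts} {ip} {status} {path}")
```

Run it over `access.log` by passing the file's lines to `summarize`; anything in the `exposed` bucket means a log file was actually served and its contents (the server paths the advisory describes) should be treated as disclosed.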
🔗 References
- https://plugins.trac.wordpress.org/browser/all-in-one-wp-migration/tags/7.86/functions.php#L297
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3168605%40all-in-one-wp-migration&new=3168605%40all-in-one-wp-migration&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c4901d9d-7b37-40d5-a42b-59c80bbbe8ff?source=cve