A stark revelation in the realm of cybersecurity has sent shockwaves through the WordPress community. Researchers from Patchstack have unearthed a high-severity vulnerability within a widely-used WordPress extension, opening the doors for malicious actors to pilfer sensitive data from vulnerable websites.
This perilous flaw, officially documented as CVE-2023-40004, grants unauthenticated users the ability to access and manipulate token configurations. The afflicted extension goes by the name of “All-in-One WP Migration,” boasting an impressive five million active installations.
