Designed to give non-technical WordPress administrators an effortless way to migrate data, this add-on has unwittingly become a potential gateway for miscreants. By exploiting this vulnerability, threat actors can reroute website migration data to their own servers or restore malicious backups, turning a helpful tool into a weapon of digital destruction.
The flaw was discovered in mid-July of this year and promptly reported to the add-on's creators, ServMask. Fortunately, the company responded swiftly, releasing an update approximately a week later. The update addresses the issue by adding permission and nonce validation to the init function.
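What permission and nonce validation in an init handler looks like in general, as an added example that is not ServMask's code: every name prefixed `example_` is hypothetical, and the `manage_options` capability is an assumption about who should be allowed to change migration settings.

```php
<?php
// Added illustration, not the add-on's source. All example_* names are hypothetical.

add_action( 'init', 'example_migration_save_token' );

function example_migration_save_token() {
    // 'init' fires on every request, including requests from logged-out
    // visitors, so the handler itself has to decide who may proceed.
    if ( ! isset( $_POST['example_migration_token'] ) ) {
        return; // Not a request meant for this handler.
    }

    // Permission validation: only users allowed to manage site options
    // (assumed capability) may change where migration data is sent.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // Nonce validation: the request must carry the nonce issued with the
    // settings form below, which ties it to this user and this action.
    // check_admin_referer() ends the request itself if the nonce is invalid.
    check_admin_referer( 'example_migration_save_token', 'example_nonce' );

    $token = sanitize_text_field( wp_unslash( $_POST['example_migration_token'] ) );
    update_option( 'example_migration_token', $token );
}

// Settings form that issues the nonce the handler checks.
function example_migration_token_form() {
    ?>
    <form method="post">
        <?php wp_nonce_field( 'example_migration_save_token', 'example_nonce' ); ?>
        <input type="text" name="example_migration_token" />
        <input type="submit" value="Save" />
    </form>
    <?php
}
```

The two checks cover different cases: the capability check rejects unauthenticated and low-privilege callers, and the nonce check rejects requests that were not submitted from the administrator's own settings form.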