Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

servmask — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting servmask. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Servmask primarily develops backup and migration tools for WordPress, including popular plugins like All-in-One WP Migration. Historically, its products have been vulnerable to multiple remote code execution (RCE) flaws, cross-site scripting (XSS), and privilege escalation issues, often stemming from insufficient input validation and improper file handling. The company has addressed several critical vulnerabilities, including a high-severity RCE in All-in-One WP Migration that allowed attackers to execute arbitrary code on affected servers. Despite patches, new vulnerabilities continue to emerge, with seven CVEs recorded to date, highlighting ongoing security challenges in its widely used WordPress ecosystem tools.

Top products by servmask: All-in-One WP Migration and Backup All-in-One WP Migration Box Extension All-in-One WP Migration Unlimited Extension
CVE IDTitleCVSSSeverityPublished
CVE-2026-5753 All-in-One WP Migration Unlimited Extension <= 2.83 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Backup Schedule Creation and Backup File Download — All-in-One WP Migration Unlimited ExtensionCWE-862 6.5 Medium2026-05-06
CVE-2025-8490 All-in-One WP Migration and Backup <= 7.97 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import — All-in-One WP Migration and BackupCWE-79 4.4 Medium2025-08-26
CVE-2024-10942 All in One WP Migration <= 7.89 - Unauthenticated PHP Object Injection — All-in-One WP Migration and BackupCWE-502 7.5 High2025-03-13
CVE-2024-9162 All-in-One WP Migration and Backup <= 7.86 - Authenticated (Administrator+) Arbitrary PHP Code Injection — All-in-One WP Migration and BackupCWE-94 7.2 High2024-10-28
CVE-2024-8852 All-in-One WP Migration and Backup <= 7.86 - Unauthenticated Information Disclosure via Error Logs — All-in-One WP Migration and BackupCWE-200 5.3 Medium2024-10-22
CVE-2023-40004 Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins — All-in-One WP Migration Box ExtensionCWE-862 7.3 High2024-06-19
CVE-2022-1476 All-in-One WP Migration <= 7.58 - Directory Traversal to File Deletion on Windows Hosts — All-in-One WP Migration and BackupCWE-22 6.6 Medium2022-05-10

This page lists every published CVE security advisory associated with servmask. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.