CVE-2023-40004

HIGH 7.3

Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One WP Migration Box Extension: from n/a through 1.53; All-in-One WP Migration OneDrive Extension: from n/a through 1.66; All-in-One WP Migration Dropbox Extension: from n/a through 3.75; All-in-One WP Migration Google Drive Extension: from n/a through 2.79.

CWE	CWE-862
Vendor	servmask
Product	all-in-one wp migration box extension
Published	Jun 19, 2024
Last Updated	Apr 28, 2026

Stay Ahead of the Next One

Get instant alerts for servmask all-in-one wp migration box extension

Be the first to know when new high vulnerabilities affecting servmask all-in-one wp migration box extension are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Affected Versions

ServMask / All-in-One WP Migration Box Extension

n/a ≤ 1.53

ServMask / All-in-One WP Migration OneDrive Extension

n/a ≤ 1.66

ServMask / All-in-One WP Migration Dropbox Extension

n/a ≤ 3.75

ServMask / All-in-One WP Migration Google Drive Extension

n/a ≤ 2.79

References

NVD ↗ CVE.org ↗ EPSS Data ↗

Credits

Rafie Muhammad (Patchstack)