The All-in-One WP Migration plugin incorrectly applies stripslashes_deep() to the $_FILES superglobal. This function is designed for string data like $_POST or $_GET, not for file upload metadata. Applying it to $_FILES can corrupt file paths or names, potentially leading to path traversal or unexpected file handling behavior.
This vulnerability affects the following application versions:
- All-in-One WP Migration and Backup 7.98