Lucene search
K

98 matches found

NVD
NVD
added 2025/08/27 12:15 a.m.4 views

CVE-2025-8490

The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

4.4CVSS0.00177EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/08/26 9:28 p.m.11 views

WordPress All-in-One WP Migration and Backup plugin <= 7.97 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Import vulnerability discovered by Jack Pas Dark. in WordPress Plugin All-in-One WP Migration versions = 7.97...

4.4CVSS5.5AI score0.00177EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/07/23 12:0 a.m.5 views

WordPress FG Drupal to WordPress Cross-Site Request Forgery Vulnerability

WordPress FG Drupal to WordPress is a plugin tool for migrating Drupal website content to WordPress, which supports the import of basic content such as articles, images, etc., but the free version does not include the comment import function. WordPress FG Drupal to WordPress suffers from a...

4.4CVSS6.7AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:35 a.m.27 views

CVE-2024-32096

Cross-Site Request Forgery CSRF vulnerability in DAEV.Tech WP Migration Plugin DB & Files – WP Synchro.This issue affects WP Migration Plugin DB & Files – WP Synchro: from n/a through 1.11.2...

5.4CVSS5.2AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:5 a.m.12 views

CVE-2023-6553

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote...

9.8CVSS8.3AI score0.97846EPSS
Exploits14References1
RedhatCVE
RedhatCVE
added 2025/05/11 7:11 a.m.17 views

CVE-2025-3455

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'startrestore' function in all versions up to, and including, 2.2. This makes it possible for authenticated...

8.8CVSS7.6AI score0.01241EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/09 6:42 a.m.28 views

CVE-2025-3455 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'startrestore' function in all versions up to, and including, 2.2. This makes it possible for authenticated...

8.8CVSS0.01241EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/09 6:42 a.m.9 views

CVE-2025-3455 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'startrestore' function in all versions up to, and including, 2.2. This makes it possible for authenticated...

8.8CVSS8.8AI score0.01241EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/04 3:59 p.m.20 views

CVE-2025-32257 WordPress 1 Click WordPress Migration plugin <= 2.5.7 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve Embedded Sensitive Data.This issue affects 1 Click WordPress Migration: from n/a through = 2.5.7...

5.3CVSS0.00801EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/20 4:33 a.m.17 views

CVE-2024-13555

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the cancelactions function. This makes it possible for...

5.3CVSS6.6AI score0.0019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/20 4:33 a.m.15 views

CVE-2024-13609

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data includi...

5.9CVSS6.7AI score0.01575EPSS
Exploits0References1
NVD
NVD
added 2025/02/18 5:15 a.m.37 views

CVE-2024-13609

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data includi...

5.9CVSS0.01575EPSS
Exploits0References3
NVD
NVD
added 2025/02/18 5:15 a.m.27 views

CVE-2024-13555

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the cancelactions function. This makes it possible for...

5.3CVSS0.0019EPSS
Exploits0References3
OSV
OSV
added 2025/02/18 5:15 a.m.5 views

CVE-2024-13555

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the cancelactions function. This makes it possible for...

4.3CVSS5.6AI score0.0019EPSS
Exploits0References2
CVE
CVE
added 2025/02/18 4:21 a.m.64 views

CVE-2024-13609

The CVE-2024-13609 issue affects the WordPress plugin “1 Click WordPress Migration Plugin.” All versions up to and including 2.2 are reported vulnerable to Sensitive Information Exposure via the class-ocm-backup.php, enabling unauthenticated attackers to access usernames and password hashes durin...

5.9CVSS6.8AI score0.01575EPSS
In wildExploits0References3Affected Software1
Cvelist
Cvelist
added 2025/02/18 4:21 a.m.29 views

CVE-2024-13609 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Unauthenticated Sensitive Information Exposure via Database Backup in class-ocm-backup.php

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data includi...

5.9CVSS0.01575EPSS
Exploits0References3
CVE
CVE
added 2025/02/18 4:21 a.m.54 views

CVE-2024-13555

CVE-2024-13555 – The 1 Click WordPress Migration Plugin (up to v2.1) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in cancel_actions(). This can allow unauthenticated attackers to cancel a backup triggered by a site administrator via a forged request. No pu...

5.3CVSS6.6AI score0.0019EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2025/02/18 12:0 a.m.5 views

WordPress plugin 1 Click WordPress Migration Plugin 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

5.9CVSS6.4AI score0.01575EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2025/02/17 12:0 a.m.9 views

1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Cross-Site Request Forgery to Backup Process Cancellation

Description The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the cancelactions function. This makes it possible...

5.3CVSS4.8AI score0.0019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:13 a.m.6 views

CVE-2024-10932

The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The...

8.8CVSS7.3AI score0.0079EPSS
Exploits0References1
Rows per page
Query Builder