98 matches found
CVE-2025-8490
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
WordPress All-in-One WP Migration and Backup plugin <= 7.97 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Import vulnerability discovered by Jack Pas Dark. in WordPress Plugin All-in-One WP Migration versions = 7.97...
WordPress FG Drupal to WordPress Cross-Site Request Forgery Vulnerability
WordPress FG Drupal to WordPress is a plugin tool for migrating Drupal website content to WordPress, which supports the import of basic content such as articles, images, etc., but the free version does not include the comment import function. WordPress FG Drupal to WordPress suffers from a...
CVE-2024-32096
Cross-Site Request Forgery CSRF vulnerability in DAEV.Tech WP Migration Plugin DB & Files – WP Synchro.This issue affects WP Migration Plugin DB & Files – WP Synchro: from n/a through 1.11.2...
CVE-2023-6553
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote...
CVE-2025-3455
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'startrestore' function in all versions up to, and including, 2.2. This makes it possible for authenticated...
CVE-2025-3455 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'startrestore' function in all versions up to, and including, 2.2. This makes it possible for authenticated...
CVE-2025-3455 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'startrestore' function in all versions up to, and including, 2.2. This makes it possible for authenticated...
CVE-2025-32257 WordPress 1 Click WordPress Migration plugin <= 2.5.7 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve Embedded Sensitive Data.This issue affects 1 Click WordPress Migration: from n/a through = 2.5.7...
CVE-2024-13555
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the cancelactions function. This makes it possible for...
CVE-2024-13609
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data includi...
CVE-2024-13609
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data includi...
CVE-2024-13555
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the cancelactions function. This makes it possible for...
CVE-2024-13555
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the cancelactions function. This makes it possible for...
CVE-2024-13609
The CVE-2024-13609 issue affects the WordPress plugin “1 Click WordPress Migration Plugin.” All versions up to and including 2.2 are reported vulnerable to Sensitive Information Exposure via the class-ocm-backup.php, enabling unauthenticated attackers to access usernames and password hashes durin...
CVE-2024-13609 1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Unauthenticated Sensitive Information Exposure via Database Backup in class-ocm-backup.php
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data includi...
CVE-2024-13555
CVE-2024-13555 – The 1 Click WordPress Migration Plugin (up to v2.1) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in cancel_actions(). This can allow unauthenticated attackers to cancel a backup triggered by a site administrator via a forged request. No pu...
WordPress plugin 1 Click WordPress Migration Plugin 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
1 Click WordPress Migration Plugin – 100% FREE for a limited time <= 2.2 - Cross-Site Request Forgery to Backup Process Cancellation
Description The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the cancelactions function. This makes it possible...
CVE-2024-10932
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The...