cleantalk
Vulnerabilities and Security Researches

1 Click WordPress Migration Plugin – 100% FREE for a limited time, CVE-2024-13555

CVE, Research URL

CVE-2024-13555

Home page URL

Security reports for 1 Click WordPress Migration Plugin – 100% FREE for a limited time

Application

1 Click WordPress Migration Plugin – 100% FREE for a limited time

Published on
Feb 18, 2025
Research Description
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the cancel_actions() function. This makes it possible for unauthenticated attackers to cancel a triggered backup via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 2.2.
Status
vulnerable
Previous vulnerability researches
Labinator Content Types Duplicator (CVE-2025-31809) , Apr 03, 2025
Theme Duplicator (CVE-2025-31845) , Apr 03, 2025
WP Bulk Post Duplicator (CVE-2025-28884) , Mar 13, 2025
Multisite Post Duplicator (CVE-2016-10944) , Jun 07, 2024
Theme File Duplicator (CVE-2025-27283) , Feb 27, 2025
New vulnerability
Admin and Site Enhancements (ASE) (CVE-2024-43333) , May 07, 2025
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-9864) , May 07, 2025
PDF Flipbook, 3D Flipbook – DearFlip (CVE-2024-4367) , May 07, 2025
Import any XML or CSV File to WordPress (CVE-2014-2054) , May 07, 2025
WC Affiliate – A Full-fledged Affiliate Manager for WooCommerce (CVE-2024-12321) , May 07, 2025