CVE-2025-32257 MEDIUM

CVE-2025-32257: WordPress 1 Click WordPress Migration plugin <= 2.5.7 - Sensitive Data Exposure vulnerability

Vendor: 1Clickmigration
Product: 1 Click WordPress Migration
Weakness: CWE-1258
Published: April 4, 2025
Last update: April 28, 2026

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in the 1clickmigration 1 Click WordPress Migration plugin (1-click-migration) allows Retrieve Embedded Sensitive Data. This issue affects 1 Click WordPress Migration: versions from n/a through 2.5.7 (inclusive).

Explanation of Vulnerability in Simple Terms

02 Summary

The 1 Click WordPress Migration plugin through version 2.5.7 exposes sensitive information to unauthenticated attackers over the network. An attacker can read non-public data without needing to log in or interact with a site administrator. The vulnerability stems from insufficient access controls on a data endpoint. Update to a version newer than 2.5.7.

What an attacker can do

03 Attacker Capabilities

Read sensitive non-public data from the site without logging in.

Potential impact on your site

04 Site Impact

Attackers can access confidential information exposed by the plugin without any credentials.

Conditions required to exploit

05 Prerequisites

Network access to the WordPress site; no authentication or user interaction required.

Key dates

06 Disclosure timeline

April 4, 2025: CVE published
April 28, 2026: Record updated