What the vulnerability does
01Description
Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve Embedded Sensitive Data.This issue affects 1 Click WordPress Migration: from n/a through <= 2.5.7.
Explanation of Vulnerability in Simple Terms
02Summary
The 1 Click WordPress Migration plugin through version 2.5.7 exposes sensitive information to unauthenticated attackers over the network. An attacker can read non-public data without needing to log in or interact with a site administrator. The vulnerability stems from insufficient access controls on a data endpoint. Update to a version newer than 2.5.7.
What an attacker can do
03Attacker Capabilities
Read sensitive non-public data from the site without logging in.
Potential impact on your site
04Site Impact
Attackers can access confidential information exposed by the plugin without any credentials.
Conditions required to exploit
05Prerequisites
Network access to the WordPress site; no authentication or user interaction required.
Key dates
06Disclosure timeline
April 4, 2025
CVE published
April 28, 2026
Record updated