CVE-2024-13609
Published: 2025-02-18
CVE-2024-13609: The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up…
Priority: P277 · Severity: medium · CVSS 3.1 base score: 5.9
CVSS vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.57% (72.4th percentile)
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data including usernames and their respective password hashes during a short window of time in which the backup is in process.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 1clickmigration | 1_click_migration | <= 2.1 | — |
| 1clickmigration | 1_click_migration_backup_free_wordpress_migration_plugin_with_zero_downtime_easy | <= 2.2 | — |
Detection & IOCs (extracted from sources)
Rule (labelled "yara" on the page):
    contains_all(body, "CREATE TABLE", "INSERT INTO", "DROP TABLE") and contains(content_type, "application/sql") and status_code == 200
Indicators:
- Unauthenticated HTTP GET requests to /wp-content/tmp/db/<table>.sql paths (e.g., wp_users.sql, wp_usermeta.sql) during an active backup window indicate exploitation attempts. A response body containing 'CREATE TABLE', 'INSERT INTO', and 'DROP TABLE' with Content-Type 'application/sql' and HTTP 200 confirms successful exposure.
- The vulnerable backup files are only accessible during a short window while the backup is in process; monitor for unauthenticated access to /wp-content/tmp/db/*.sql paths.
- FOFA fingerprinting query for identifying exposed instances of the vulnerable plugin.
Notes:
- Exploitation is only possible during a short time window while the backup is actively being created; the SQL dump files are transiently exposed and may not be present at other times.
- The vulnerability affects all plugin versions up to and including 2.2; version 2.3 and above are remediated.
CVSS provenance
- NVD (v3.1): 5.9 MEDIUM, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- VulnCheck: 5.9 MEDIUM
GHSA
GHSA-m29g-f45j-cpg4 (ghsa_unreviewed · 2025-02-18) · CVE-2024-13609 [MEDIUM] · CWE-200
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data including usernames and their respective password hashes during a short window of time in which the backup is in process.
VulnCheck
1clickmigration 1_click_migration Exposure of Sensitive Information to an Unauthorized Actor (vulncheck · 2024 · CVSS 5.9) · CVE-2024-13609 [MEDIUM]
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data including usernames and their respective password hashes during a short window of time in which the backup is in process.
Affected: 1clickmigration 1_click_migration
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://tracker.crowdsec.net/cves/CVE-2024-13609
No detection rules found.
Nuclei
WordPress 1 Click Migration Plugin < 2.3 - Information Exposure (nuclei · CVSS 5.9) · CVE-2024-13609 [MEDIUM]
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data including usernames and their respective password hashes during a short window of time in which the backup is in process.
Template:
    id: CVE-2024-13609
    info:
      name: WordPress 1 Click Migration Plugin < 2.3 - Information Exposure
      author: pussycat0x
      severity: medium
      description: |
        The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and
No writeups or analysis indexed.
Timeline
- 2025-02-18: Published
- Exploited in the wild