CVE-2025-32257
WordPress 1 Click WordPress Migration plugin <= 2.5.7 - Sensitive Data Exposure vulnerability
In short
The 1 Click WordPress Migration plugin leaves debug information visible on websites, which can expose sensitive system details to anyone who knows where to look. This information could help attackers understand your website's setup and find other vulnerabilities.
Technical detail
The plugin fails to clear debug information during operation, allowing unauthenticated remote attackers to retrieve embedded sensitive system data through direct access to debug output or files. The vulnerability affects versions up to 2.5.7 and requires no authentication or user interaction, though the attacker must know or discover the location of exposed debug information.
Summary generated and translated by AI from the official description.
Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability in 1clickmigration 1 Click WordPress Migration 1-click-migration allows Retrieve Embedded Sensitive Data.This issue affects 1 Click WordPress Migration: from n/a through <= 2.5.7.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
1clickmigration · 1 Click WordPress MigrationWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →