CVE-2024-13609
Published: 18 February 2025
Summary
CVE-2024-13609 is a medium-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in 1Clickmigration 1 Click Migration. Its CVSS base score is 5.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 4.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-22 (Publicly Accessible Content) and AU-13 (Monitoring for Information Disclosure).
Deeper analysis
The 1 Click WordPress Migration Plugin for WordPress is affected by a sensitive information exposure vulnerability in all versions through 2.2. The flaw resides in class-ocm-backup.php and allows unauthenticated network attackers to retrieve usernames and password hashes while a backup operation is underway. The issue carries a CVSS 3.1 score of 5.9, reflecting high attack complexity but no required authentication or user interaction.
An unauthenticated remote attacker can exploit the window during an active backup to obtain credential material that could be used for subsequent account compromise. Because the exposure occurs only while the backup process runs, the attack window is time-limited yet requires no privileges on the target site.
The referenced WordPress plugin repository shows a fix committed in changeset 3372639, and the Wordfence advisory for the vulnerability (ID d33199ea-7c96-4c60-a7b8-5c7e9835e231) directs administrators to apply the available plugin update to close the exposure.
EPSS for the CVE rose from lower values to a peak of 0.4564 on 2026-02-12 before receding to the current 0.1770, indicating a period of increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4843
Vulnerability details
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers…
more
to extract sensitive data including usernames and their respective password hashes during a short window of time in which the backup is in process.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct unauthenticated exposure of password hashes via public-facing WordPress plugin vulnerability enables T1190 exploitation and T1552.001 credential access.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely remediation via the available patch in WordPress plugin changeset 3372639 directly corrects the flaw in class-ocm-backup.php that exposes sensitive data during backups.
Restricts publication of sensitive backup content on publicly accessible WordPress systems, preventing unauthenticated extraction of usernames and password hashes.
Monitors for unauthorized disclosure of sensitive information like usernames and password hashes during the backup process window.