Cyber Resilience

CVE-2024-13609

Medium

Published: 18 February 2025

Published
18 February 2025
Modified
08 April 2026
KEV Added
Patch
CVSS Score v3.1 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.1770 95.3th percentile
Risk Priority 22 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-13609 is a medium-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in 1Clickmigration 1 Click Migration. Its CVSS base score is 5.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 4.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-22 (Publicly Accessible Content) and AU-13 (Monitoring for Information Disclosure).

Deeper analysis

The 1 Click WordPress Migration Plugin for WordPress is affected by a sensitive information exposure vulnerability in all versions through 2.2. The flaw resides in class-ocm-backup.php and allows unauthenticated network attackers to retrieve usernames and password hashes while a backup operation is underway. The issue carries a CVSS 3.1 score of 5.9, reflecting high attack complexity but no required authentication or user interaction.

An unauthenticated remote attacker can exploit the window during an active backup to obtain credential material that could be used for subsequent account compromise. Because the exposure occurs only while the backup process runs, the attack window is time-limited yet requires no privileges on the target site.

The referenced WordPress plugin repository shows a fix committed in changeset 3372639, and the Wordfence advisory for the vulnerability (ID d33199ea-7c96-4c60-a7b8-5c7e9835e231) directs administrators to apply the available plugin update to close the exposure.

EPSS for the CVE rose from lower values to a peak of 0.4564 on 2026-02-12 before receding to the current 0.1770, indicating a period of increased exploitation interest after disclosure.

EU & UK References

Vulnerability details

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers…

more

to extract sensitive data including usernames and their respective password hashes during a short window of time in which the backup is in process.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Direct unauthenticated exposure of password hashes via public-facing WordPress plugin vulnerability enables T1190 exploitation and T1552.001 credential access.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-25729Shared CWE-200
CVE-2024-13911Shared CWE-200
CVE-2025-22961Shared CWE-200
CVE-2026-30928Shared CWE-200
CVE-2025-27784Shared CWE-200
CVE-2026-2268Shared CWE-200
CVE-2024-13796Shared CWE-200
CVE-2025-25975Shared CWE-200
CVE-2024-12142Shared CWE-200
CVE-2025-25951Shared CWE-200

Affected Assets

1clickmigration
1 click migration
≤ 2.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely remediation via the available patch in WordPress plugin changeset 3372639 directly corrects the flaw in class-ocm-backup.php that exposes sensitive data during backups.

prevent

Restricts publication of sensitive backup content on publicly accessible WordPress systems, preventing unauthenticated extraction of usernames and password hashes.

detect

Monitors for unauthorized disclosure of sensitive information like usernames and password hashes during the backup process window.

References