WordPress Backup & Migration < 1.4.8 – Unauthenticated Sensitive Information Exposure | CVE 2024-31254

Affects Plugins

wp-migration-duplicator

Fixed in 1.4.8

References

CVE

CVE-2024-31254

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/40570bb7-1638-4305-876e-86ad4c336944

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CWE-200

CVSS

5.3 (medium)

Miscellaneous

Original Researcher

Joshua Chan

Verified

No

WPVDB ID

6fe98d20-5883-4322-9201-04c4dd611a5e

Timeline

Publicly Published

2024-04-05 (about 2 years ago)

Added

2024-04-11 (about 2 years ago)

Last Updated

2024-04-11 (about 2 years ago)

Other

Published

Title

Published

2026-01-26

Title

FullCalendar <= 1.6 - Unauthenticated Information Exposure

Published

2024-08-28

Title

Premium SEO Pack – WP SEO Plugin <= 1.6.002 - Unauthenticated Information Exposure

Published

2024-11-14

Title

Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders < 6.0.10 - Authenticated (Author+) Sensitive Information Exposure to Privilege Escalation

Published

2023-09-25

Title

WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing

Published

2025-11-12

Title

Passster < 4.2.20 - Unauthenticated Information Exposure