WordPress Plugin Vulnerabilities

WebToffee WP Backup and Migration < 1.5.4 - Unauthenticated Sensitive Information Exposure

Description

The plugin is vulnerable to Sensitive Information Exposure. This makes it possible for unauthenticated attackers to extract sensitive information from export logs.

Affects Plugins

Plugin icon
wp-migration-duplicator
Fixed in 1.5.4

References

CVE
CVE-2025-24651
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/324c747e-35b2-4d56-bd00-7591669b24b9

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
SavPhill (Savphill)
Verified
No
WPVDB ID
d2263fba-ddeb-49e1-9853-1368d7c03e6e

Timeline

Publicly Published
2025-01-13 (about 1 year ago)
Added
2025-12-11 (about 5 months ago)
Last Updated
2025-12-11 (about 5 months ago)

Other

Published
Title
Published
2025-03-25
Title
Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates < 1.6.9 - Authenticated (Contributor+) Sensitive Information Exposure
Published
2025-07-01
Title
Contact Form by Bit Form < 2.17.6 - Unauthenticated Sensitive Information Exposure
Published
2025-10-10
Title
Code Quality Control Tool < 2.2 - Unauthenticated Information Exposure via Log Files
Published
2024-04-03
Title
Beaver Themer < 1.4.9.1 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode
Published
2025-12-08
Title
Custom Field Template < 2.7.7 - Authenticated (Subscriber+) Information Exposure