PT-2025-47295 · WordPress · Wp Migrate Lite – Wordpress Migration Made Easy
Dmitry Ignatyev
·
Published
2025-11-18
·
Updated
2025-11-18
·
CVE-2025-11427
CVSS v3.1
5.8
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
WP Migrate Lite – WordPress Migration Made Easy plugin versions prior to 2.7.7
Description
The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is susceptible to a Blind Server-Side Request Forgery. This allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. Exploitation of this issue could allow attackers to obtain information about internal services via the
wpmdb flush API endpoint.Recommendations
Update the WP Migrate Lite – WordPress Migration Made Easy plugin to version 2.7.7 or later.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp Migrate Lite – Wordpress Migration Made Easy