CVE-2024-13555

Name of the Vulnerable Software and Affected Versions 1 Click WordPress Migration Plugin – 100% FREE for a limited time versions up to 2.1

Description The issue is related to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation on the cancel actions() function. This makes it possible for unauthenticated attackers to cancel a triggered backup via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Recommendations For versions up to 2.1, consider disabling the cancel actions() function until a patch is available to prevent exploitation. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid performing actions that could be triggered by a forged request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.