CVE-2024-13609

Name of the Vulnerable Software and Affected Versions 1 Click WordPress Migration Plugin – 100% FREE for a limited time versions up to, and including, 2.1

Description The issue allows unauthenticated attackers to extract sensitive data, including usernames and their respective password hashes, during a short window of time in which the backup is in process. This is possible via the class-ocm-backup.php file.

Recommendations For versions up to, and including, 2.1, consider disabling the backup process temporarily until a patch is available to prevent exploitation. Restrict access to the class-ocm-backup.php file to minimize the risk of sensitive information exposure.