CVE-2025-3455 in Click Migration Plugininfo

Summary

by MITRE • 05/09/2025

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'start_restore' function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

04/08/2025

Disclosure

05/09/2025

Moderation

accepted

Entry

VDB-308073

CPE

ready

CWE

CWE-862 (confirmed)

CVSS

6.3 (VulDB)

EPSS

0.01241

KEV

Activities

very low

Sector

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-3455
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-3455
CVE Details	https://www.cvedetails.com/cve/CVE-2025-3455/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!