CVE-2024-13609

MEDIUM Year: 2024
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-200
View all →

Vulnerability Description

The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1 via the class-ocm-backup.php. This makes it possible for unauthenticated attackers to extract sensitive data including usernames and their respective password hashes during a short window of time in which the backup is in process.

Related Vulnerabilities

CVE-2007-2479

MEDIUM
CVSS:5.9(Medium)

Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed ...

CWE-2002007

CVE-2011-4076

MEDIUM
CVSS:5.9(Medium)

OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or...

CWE-2002011

CVE-2013-3587

MEDIUM
CVSS:5.9(Medium)

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle at...

CWE-2002013

CVE-2013-6681

MEDIUM
CVSS:5.9(Medium)

Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability

CWE-2002013

CVE-2014-2359

MEDIUM
CVSS:5.9(Medium)

OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data.

CWE-2002014

CVE-2014-4024

MEDIUM
CVSS:5.9(Medium)

SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used ...

CWE-2002014