The 1 Click WordPress Migration plugin contains an Uncleared Debug Information flaw that allows the retrieval of embedded sensitive data. The vulnerability is described as a Sensitive Data Exposure rather than a code execution or privilege escalation issue. It is classified under CWE‑1258, indicating that sensitive information is inadvertently exposed when debugging is not fully cleared. The impact is non‑destructive; the CVE description does not specify direct compromise potential beyond exposing information that could be valuable to an attacker.

Targeted systems are WordPress installations that use the 1 Click WordPress Migration plugin version 2.5.7 or earlier. The vulnerability applies to all versions of the plugin listed as affected in the CNA data, from the earliest released version through the 2.5.7 release. WordPress sites hosting this plugin, regardless of the WordPress core version, are at risk until the plugin is updated to a patched release or the debug information functionality is disabled.

With a CVSS score of 5.3, the vulnerability is rated as moderate. The EPSS score of 1% indicates a low but non‑zero likelihood of exploitation; it is not listed in the CISA KEV catalog. The CVE description highlights a problem with uncleared debug information that exposes sensitive system data, but the data does not provide explicit details about further exploitation steps, privilege requirements, or attack paths.