Wp Migrate Lite
Monthly
Cross-Site Request Forgery in WP Migrate Lite (WordPress plugin by WP Engine, versions ≤ 2.7.8) enables unauthenticated remote attackers to force authenticated administrators to invoke unauthorized plugin actions by deceiving them into visiting a malicious page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:C/A:L) confirms low-complexity network exploitation with changed scope, meaning triggered actions can produce availability impact beyond the plugin itself - consistent with migration or database operations affecting the broader WordPress installation. No public exploit code and no CISA KEV listing have been identified at time of analysis.
Cross-Site Request Forgery in WP Migrate Lite (WordPress plugin by WP Engine, versions ≤ 2.7.8) enables unauthenticated remote attackers to force authenticated administrators to invoke unauthorized plugin actions by deceiving them into visiting a malicious page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:C/A:L) confirms low-complexity network exploitation with changed scope, meaning triggered actions can produce availability impact beyond the plugin itself - consistent with migration or database operations affecting the broader WordPress installation. No public exploit code and no CISA KEV listing have been identified at time of analysis.