Does ALLDAMI Site Migration have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is ALLDAMI Site Migration compatible with WordPress 6.9.4?

According to WordPress.org data, ALLDAMI Site Migration 1.0.9 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is ALLDAMI Site Migration compatible with PHP 7.4+?

ALLDAMI Site Migration requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ALLDAMI Site Migration updated?

ALLDAMI Site Migration was last updated on Feb 25, 2026. Frequent updates are generally a positive security signal.

What is ALLDAMI Site Migration's security score?

ALLDAMI Site Migration has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ALLDAMI Site Migration Security & Risk Analysis

wordpress.org/plugins/alldami-site-migration

The ultimate one-click WordPress migration and backup plugin. Seamlessly clone, move, or transfer your site with zero timeouts and no upload limits!

0 active installs v1.0.9 PHP 7.4+ WP 5.0+ Updated Feb 25, 2026

backupclonemigrationmovetransfer

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ALLDAMI Site Migration Safe to Use in 2026?

Generally Safe

Score 100/100

ALLDAMI Site Migration has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "alldami-site-migration" plugin v1.0.9 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices by utilizing prepared statements for all SQL queries and a high percentage of properly escaped output. The absence of known CVEs and bundled libraries is also a good sign. However, significant concerns arise from the attack surface analysis. With 8 AJAX handlers, 3 of which lack authentication checks, there's a clear vulnerability pathway for unauthorized actions. Furthermore, the taint analysis reveals 5 flows with unsanitized paths, including 2 of high severity, indicating potential for injection or manipulation vulnerabilities. While the vulnerability history is clean, the presence of these internal code signals suggests latent risks that could be exploited if not addressed.

Despite the lack of historical vulnerabilities, the static analysis results point to several areas requiring immediate attention. The 3 unprotected AJAX handlers present a direct entry point for attackers to potentially trigger unintended actions. The high number of unsanitized paths in the taint analysis, particularly those flagged as high severity, are critical indicators of potential security flaws. The plugin's strengths lie in its SQL query and output escaping practices, but these are overshadowed by the direct risks introduced by unprotected entry points and unsanitized data flows. It's crucial to address these findings to improve the plugin's overall security.

Key Concerns

Unprotected AJAX handlers
High severity unsanitized paths in taint flows
Unsanitized paths in taint flows

Vulnerabilities

None known

ALLDAMI Site Migration Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

ALLDAMI Site Migration Release Timeline

v1.0.9Current

v1.0.8

Code Analysis

Analyzed Apr 16, 2026

ALLDAMI Site Migration Code Analysis

Dangerous Functions

Raw SQL Queries

36 prepared

Unescaped Output

247 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

set_time_limitset_time_limit(300); // phpcs:ignore Squiz.PHP.DiscouragedFunctions.Discouragedajax/export.php:26

ini_setini_set('memory_limit', '512M'); // phpcs:ignore WordPress.PHP.IniSet.memory_limit_Blacklisted, Squiajax/export.php:29

ini_set@ini_set('memory_limit', $memoryLimit); // phpcs:ignore Squiz.PHP.DiscouragedFunctions.Discouragedajax/export.php:61

set_time_limitset_time_limit(300);ajax/file-restore-direct.php:35

ini_setini_set('memory_limit', '512M'); // phpcs:ignore WordPress.PHP.IniSet.memory_limit_Blacklistedajax/file-restore-direct.php:38

set_time_limitset_time_limit(300);ajax/file-restore-direct.php:101

ini_setini_set('memory_limit', '512M'); // phpcs:ignore WordPress.PHP.IniSet.memory_limit_Blacklistedajax/file-restore-direct.php:107

set_time_limitset_time_limit(300);ajax/finalize-direct.php:98

ini_setini_set('memory_limit', '512M'); // phpcs:ignore WordPress.PHP.IniSet.memory_limit_Blacklistedajax/finalize-direct.php:101

set_time_limitset_time_limit(300);ajax/import-direct.php:95

ini_setini_set('memory_limit', '256M'); // phpcs:ignore WordPress.PHP.IniSet.memory_limit_Blacklistedajax/import-direct.php:101

set_time_limitset_time_limit(300);ajax/import.php:36

ini_setini_set('memory_limit', '512M'); // phpcs:ignore WordPress.PHP.IniSet.memory_limit_Blacklistedajax/import.php:39

unserialize$unserialized = @unserialize($data);engine/ReplaceEngine.php:180

SQL Query Safety

100% prepared36 total queries

Output Escaping

87% escaped284 total outputs

Data Flows · Security

5 unsanitized

Data Flow Analysis

6 flows5 with unsanitized paths

<file-restore-direct> (ajax/file-restore-direct.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

ALLDAMI Site Migration Attack Surface

Entry Points8

Unprotected3

AJAX Handlers 8

authwp_ajax_alldami_exportalldami-site-migration.php:91

authwp_ajax_alldami_importalldami-site-migration.php:92

authwp_ajax_alldami_progressalldami-site-migration.php:93

authwp_ajax_alldami_preflightalldami-site-migration.php:94

authwp_ajax_alldami_delete_tempalldami-site-migration.php:95

authwp_ajax_alldami_db_import_directalldami-site-migration.php:98

authwp_ajax_alldami_file_restore_directalldami-site-migration.php:99

authwp_ajax_alldami_finalize_directalldami-site-migration.php:100

WordPress Hooks 6

actionplugins_loadedalldami-site-migration.php:84

actionadmin_menualldami-site-migration.php:87

actionadmin_enqueue_scriptsalldami-site-migration.php:88

actionadmin_post_alldami_save_settingsalldami-site-migration.php:107

actionadmin_post_alldami_reset_settingsalldami-site-migration.php:108

actionmuplugins_loadedmu-plugin/alldami-bootstrap.php:72

Maintenance & Trust

ALLDAMI Site Migration Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 25, 2026

PHP min version7.4

Downloads199

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

ALLDAMI Site Migration Alternatives

Migratico Lite

migratico-lite

100

The simple and reliable WordPress migration plugin. Quickly backup, migrate, copy, move, or clone your site from one location to another.

10 No CVEs

Transferito: WP Migration

transferito

100

The easiest 1-Click WordPress Migration plugin that will migrate, clone, transfer and move your WordPress site to any host in seconds.

500 No CVEs

1 Click Migration & Backup: Free WordPress Migration Plugin with Zero Downtime & Easy Clone

1-click-migration

Free WordPress migration plugin for backup, restore, clone, and site transfer with zero downtime. Migrate WordPress site easily.

300 1 unpatched

InstaMigrate

instamigrate

100

Secure REST API endpoints for WordPress site migration — database export/import, file transfer, and search-replace.

0 No CVEs

All-in-One WP Migration and Backup

all-in-one-wp-migration

Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.

5.0M 13 CVEs

Developer Profile

ALLDAMI Site Migration Developer Profile

Baris ARAN

2 plugins · 0 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ALLDAMI Site Migration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/alldami-site-migration/assets/css/common.css/wp-content/plugins/alldami-site-migration/assets/css/export.css/wp-content/plugins/alldami-site-migration/assets/css/import.css/wp-content/plugins/alldami-site-migration/assets/css/settings.css/wp-content/plugins/alldami-site-migration/assets/js/admin.js/wp-content/plugins/alldami-site-migration/assets/js/common.js/wp-content/plugins/alldami-site-migration/assets/js/export.js/wp-content/plugins/alldami-site-migration/assets/js/import.js+1 more

Script Paths

/wp-content/plugins/alldami-site-migration/assets/js/admin.js/wp-content/plugins/alldami-site-migration/assets/js/common.js/wp-content/plugins/alldami-site-migration/assets/js/export.js/wp-content/plugins/alldami-site-migration/assets/js/import.js/wp-content/plugins/alldami-site-migration/assets/js/settings.js

Version Parameters

alldami-site-migration/assets/css/common.css?ver=alldami-site-migration/assets/css/export.css?ver=alldami-site-migration/assets/css/import.css?ver=alldami-site-migration/assets/css/settings.css?ver=alldami-site-migration/assets/js/admin.js?ver=alldami-site-migration/assets/js/common.js?ver=alldami-site-migration/assets/js/export.js?ver=alldami-site-migration/assets/js/import.js?ver=alldami-site-migration/assets/js/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes

alldami-site-migration-wrapalldami-export-pagealldami-import-pagealldami-settings-pagealldami-progress-baralldami-progress-text

Data Attributes

data-plugin-versiondata-action

JS Globals

AllDataMigration_ajax_object

REST Endpoints

/wp-json/alldami-site-migration/v1/export/wp-json/alldami-site-migration/v1/import/wp-json/alldami-site-migration/v1/progress/wp-json/alldami-site-migration/v1/preflight

FAQ