WP-Safety

Pro Services Post Migrator Security & Risk Analysis

wordpress.org/plugins/pro-services-post-migrator

Move WordPress posts between sites faster with reliable ZIP or direct REST migrations, smart author mapping, and built-in media + taxonomy support.

0 active installs v1.0.2 PHP 8.0+ WP 6.2+ Updated Apr 2, 2026
mediamigrationpostsproserv
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Pro Services Post Migrator Safe to Use in 2026?

Generally Safe

Score 100/100

Pro Services Post Migrator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'pro-services-post-migrator' v1.0.2 plugin exhibits a concerning security posture primarily due to its extensive unprotected AJAX endpoints. While the plugin demonstrates good practices in other areas, such as using prepared statements for all SQL queries and a high percentage of properly escaped output, the lack of authentication and capability checks on all 10 AJAX handlers represents a significant attack surface. The taint analysis reveals two high-severity flows with unsanitized paths, indicating potential for injection-style vulnerabilities if these flows are reachable without proper sanitization within the AJAX handlers. The absence of any known historical vulnerabilities could suggest either a lack of past scrutiny or a history of good security practices in previous versions. However, the current static analysis findings, particularly the unprotected AJAX endpoints combined with high-severity taint flows, present a clear and present risk that requires immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
Vulnerabilities
None known

Pro Services Post Migrator Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Pro Services Post Migrator Release Timeline

v1.0.2Current
Code Analysis
Analyzed Apr 16, 2026

Pro Services Post Migrator Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
20 prepared
Unescaped Output
2
115 escaped
Nonce Checks
12
Capability Checks
10
File Operations
6
External Requests
2
Bundled Libraries
0

SQL Query Safety

100% prepared20 total queries

Output Escaping

98% escaped117 total outputs
Data Flows · Security
8 unsanitized

Data Flow Analysis

11 flows8 with unsanitized paths
pspm_maybe_download_export_file (includes/export.php:279)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
10 unprotected

Pro Services Post Migrator Attack Surface

Entry Points10
Unprotected10

AJAX Handlers 10

authwp_ajax_pspm_generate_connection_keypro-services-post-migrator.php:40
authwp_ajax_pspm_run_preflightpro-services-post-migrator.php:41
authwp_ajax_pspm_start_exportpro-services-post-migrator.php:42
authwp_ajax_pspm_process_exportpro-services-post-migrator.php:43
authwp_ajax_pspm_finalize_exportpro-services-post-migrator.php:44
authwp_ajax_pspm_upload_import_packagepro-services-post-migrator.php:46
authwp_ajax_pspm_start_direct_importpro-services-post-migrator.php:47
authwp_ajax_pspm_save_author_choicespro-services-post-migrator.php:48
authwp_ajax_pspm_process_importpro-services-post-migrator.php:49
authwp_ajax_pspm_get_run_logspro-services-post-migrator.php:50
WordPress Hooks 5
actioninitpro-services-post-migrator.php:34
actionrest_api_initpro-services-post-migrator.php:35
actionadmin_menupro-services-post-migrator.php:36
actionadmin_enqueue_scriptspro-services-post-migrator.php:37
actionadmin_initpro-services-post-migrator.php:38
Maintenance & Trust

Pro Services Post Migrator Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedApr 2, 2026
PHP min version8.0
Downloads75

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Pro Services Post Migrator Alternatives

SM Easy Post Migrator

SM Easy Post Migrator

sm-easy-post-migrator

A
100

Migrate posts, pages, media, and internal links between WordPress sites without breaking links or losing images.

10 No CVEs
Bulk Datetime Change

Bulk Datetime Change

bulk-datetime-change

A
100

Bulk change date/time for posts.

7K 1 CVE
Find Posts Using Attachment

Find Posts Using Attachment

find-posts-using-attachment

A
85

Allows to find all posts where a particular attachment is used.

1K No CVEs
Widget Box Lite

Widget Box Lite

widget-box-lite

A
85

A toolbox of great widgets for your daily blogging. Display recent posts, social links, and much more. Designed for Theme4Press themes

1K No CVEs
Export/Import Media

Export/Import Media

calliope-media-import-export

A
100

Import and export your WordPress media library using CSV, with preview, batch processing, duplicate prevention, and support for media metadata.

900 No CVEs
Developer Profile

Pro Services Post Migrator Developer Profile

mdburnette

7 plugins · 2K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Pro Services Post Migrator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pro-services-post-migrator/assets/admin.css
Script Paths
/wp-content/plugins/pro-services-post-migrator/assets/admin.js
Version Parameters
pro-services-post-migrator/assets/admin.css?ver=pro-services-post-migrator/assets/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
pspm-cardpspm-resultspspm-wrappspm-tool-gridpspm-tool-cardpspm-tool-card-headerpspm-tool-statuspspm-tool-status-live+2 more
Data Attributes
id="pspm-run-preflight"id="pspm-preflight-results"id="pro-services-tools"id="pro-services-post-migrator-source"id="pro-services-post-migrator-destination"id="pro-services-alt-tag-auditor"+2 more
JS Globals
PSPMAdmin
REST Endpoints
/wp-json/pro-services-post-migrator/v1
FAQ

Frequently Asked Questions about Pro Services Post Migrator