Does Transferito: WP Migration have any unpatched vulnerabilities?

No. All known vulnerabilities in Transferito: WP Migration have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Transferito: WP Migration compatible with WordPress 6.9.4?

According to WordPress.org data, Transferito: WP Migration 14.1.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Transferito: WP Migration compatible with PHP 5.6+?

Transferito: WP Migration requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Transferito: WP Migration updated?

Transferito: WP Migration was last updated on Dec 7, 2025. Frequent updates are generally a positive security signal.

What is Transferito: WP Migration's security score?

Transferito: WP Migration has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Transferito: WP Migration Security & Risk Analysis

wordpress.org/plugins/transferito

The easiest 1-Click WordPress Migration plugin that will migrate, clone, transfer and move your WordPress site to any host in seconds.

500 active installs v14.1.3 PHP 5.6+ WP 4.7+ Updated Dec 7, 2025

clone-wordpressmigrate-wordressmove-wordpresswordpress-migrationwordpress-transfer

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Transferito: WP Migration Safe to Use in 2026?

Generally Safe

Score 100/100

Transferito: WP Migration has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "transferito" v14.1.3 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong output escaping practices with 100% of outputs being properly escaped, and a robust use of nonces for entry points, with 39 out of 40 AJAX handlers including them. The lack of any recorded vulnerability history, including critical or high-severity CVEs, is a significant strength. Furthermore, taint analysis reveals no critical or high-severity unsanitized flows.

However, there are notable security concerns. The plugin exposes a substantial attack surface with 40 AJAX handlers, and critically, 3 of these lack authentication checks. This presents a direct risk of unauthorized actions being performed if these handlers are exploitable. The presence of dangerous functions like 'exec' and 'unserialize' within the code, although not flagged by taint analysis in this specific version, warrants caution as they can be vectors for code execution if user input is improperly handled in other contexts or future versions. Additionally, while 50% of SQL queries use prepared statements, the other half do not, which is a potential vulnerability for SQL injection.

In conclusion, "transferito" v14.1.3 has some good security foundations, particularly in output handling and its clean vulnerability history. However, the unprotected AJAX endpoints and the potential risks associated with dangerous functions and non-prepared SQL queries are significant weaknesses that require attention. The plugin's overall security is compromised by these specific unaddressed entry points.

Key Concerns

Unprotected AJAX handlers
SQL queries without prepared statements
Use of dangerous functions (exec, unserialize)

Vulnerabilities

None known

Transferito: WP Migration Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Transferito: WP Migration Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

288 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

execexec(sprintf('kill -0 %d; echo $?', $pid), $output);core\helperFunctions.php:213

exec: function_exists('exec') && @exec('echo EXEC') == 'EXEC';src\Controllers\Transfer.php:398

exec$pid = exec($command);src\Models\Transfer\CodeBase.php:390

exec$pid = exec($tarCommand);src\Models\Transfer\CodeBase.php:424

exec$pid = exec("{$moveCommand} > /dev/null & echo $!;");src\Models\Transfer\Database.php:49

unserializeif (!@unserialize($row[$fieldIndex])) {src\Models\Transfer\Database.php:269

Bundled Libraries

Guzzle

SQL Query Safety

50% prepared8 total queries

Output Escaping

100% escaped288 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

addFilesToCodebase (src\Controllers\Transfer.php:2303)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

Transferito: WP Migration Attack Surface

Entry Points40

Unprotected3

AJAX Handlers 40

authwp_ajax_preparing_transfersrc\Controllers\Transfer.php:34

authwp_ajax_start_migrationsrc\Controllers\Transfer.php:35

authwp_ajax_clean_up_filessrc\Controllers\Transfer.php:36

authwp_ajax_status_checksrc\Controllers\Transfer.php:37

authwp_ajax_get_directoriessrc\Controllers\Transfer.php:42

authwp_ajax_correct_directory_validationsrc\Controllers\Transfer.php:43

authwp_ajax_initiate_local_uploadsrc\Controllers\Transfer.php:46

authwp_ajax_upload_chunksrc\Controllers\Transfer.php:47

authwp_ajax_complete_uploadsrc\Controllers\Transfer.php:48

authwp_ajax_preparing_codebasesrc\Controllers\Transfer.php:49

authwp_ajax_add_files_to_codebase_archivesrc\Controllers\Transfer.php:50

authwp_ajax_codebase_completionsrc\Controllers\Transfer.php:51

authwp_ajax_preparing_databasesrc\Controllers\Transfer.php:52

authwp_ajax_create_db_exportssrc\Controllers\Transfer.php:53

authwp_ajax_database_completionsrc\Controllers\Transfer.php:54

authwp_ajax_archive_db_exportssrc\Controllers\Transfer.php:55

authwp_ajax_database_relocationsrc\Controllers\Transfer.php:56

authwp_ajax_database_relocation_checksrc\Controllers\Transfer.php:57

authwp_ajax_check_archive_completionsrc\Controllers\Transfer.php:58

authwp_ajax_archive_creationsrc\Controllers\Transfer.php:59

authwp_ajax_archive_progress_checksrc\Controllers\Transfer.php:60

authwp_ajax_cpanel_authenticationsrc\Controllers\Transfer.php:61

authwp_ajax_server_detail_validationsrc\Controllers\Transfer.php:62

authwp_ajax_transferito_hide_welcome_screensrc\Controllers\Transfer.php:63

authwp_ajax_database_detail_validationsrc\Controllers\Transfer.php:66

authwp_ajax_hide_quickstart_popupsrc\Controllers\Transfer.php:67

authwp_ajax_send_request_formsrc\Controllers\Transfer.php:68

authwp_ajax_log_transferito_eventsrc\Controllers\Transfer.php:69

authwp_ajax_start_directory_searchsrc\Controllers\Transfer.php:70

authwp_ajax_get_directory_check_updatesrc\Controllers\Transfer.php:71

authwp_ajax_check_premium_api_keyssrc\Controllers\Transfer.php:72

authwp_ajax_download_transferito_verification_filesrc\Controllers\Transfer.php:73

authwp_ajax_transferito_validate_destination_server_connectionsrc\Controllers\Transfer.php:74

authwp_ajax_mark_backup_completedsrc\Controllers\Transfer.php:75

authwp_ajax_check_current_sitesrc\Controllers\Transfer.php:81

authwp_ajax_check_cpanel_availabilitysrc\Controllers\Transfer.php:82

authwp_ajax_choose_migration_methodsrc\Controllers\Transfer.php:83

authwp_ajax_switch_modesrc\Controllers\Transfer.php:84

authwp_ajax_screen_route_redirectionsrc\Controllers\Transfer.php:85

authwp_ajax_load_directory_templatesrc\Controllers\Transfer.php:86

WordPress Hooks 8

actionadmin_menusrc\Models\Settings\Setup.php:24

actionadmin_initsrc\Models\Settings\Setup.php:25

actionadmin_enqueue_scriptssrc\Models\Settings\Setup.php:26

actionadmin_noticessrc\Models\Settings\Setup.php:27

actionplugin_action_links_transferito/transferito.phpsrc\Models\Settings\Setup.php:28

actionadmin_post_transferito_add_connected_sitesrc\Models\Settings\Setup.php:29

filterwp_script_attributessrc\Models\Settings\Setup.php:31

filterplugin_row_metasrc\Models\Settings\Setup.php:32

Maintenance & Trust

Transferito: WP Migration Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 7, 2025

PHP min version5.6

Downloads33K

Community Trust

Rating90/100

Number of ratings16

Active installs500

Alternatives

Transferito: WP Migration Alternatives

1 Click Migration & Backup: Free WordPress Migration Plugin with Zero Downtime & Easy Clone

1-click-migration

Free WordPress migration plugin for backup, restore, clone, and site transfer with zero downtime. Migrate WordPress site easily.

400 1 unpatched

All-in-One WP Migration and Backup

all-in-one-wp-migration

Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.

5.0M 13 CVEs

Backup, Restore and Migrate your sites with XCloner

xcloner-backup-and-restore

XCloner is a backup plugin that allows you to safely back up and restore your WordPress sites. You can send site backups to SFTP, Dropbox, Amazon, Goo …

10K 16 CVEs

WebToffee WP Backup and Migration

wp-migration-duplicator

Easily backup, restore, or migrate. Supports one-click backup and scheduled backup. Backup selected content to Amazon S3, Google Drive, FTP/SFTP, etc.

6K 7 CVEs

No Nonsense

no-nonsense

100

The fastest, cleanest way to get rid of the parts of WordPress you don't need.

1K No CVEs

Developer Profile

Transferito: WP Migration Developer Profile

Transferito

1 plugin · 500 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Transferito: WP Migration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/transferito/transferito.php/wp-content/plugins/transferito/src/Views/Assets/css/main.css/wp-content/plugins/transferito/src/Views/Assets/css/bootstrap.min.css/wp-content/plugins/transferito/src/Views/Assets/css/style.css/wp-content/plugins/transferito/src/Views/Assets/js/main.js/wp-content/plugins/transferito/src/Views/Assets/js/settings.js/wp-content/plugins/transferito/src/Views/Assets/js/transfer.js/wp-content/plugins/transferito/src/Views/Assets/js/modal.js+1 more

Script Paths

/wp-content/plugins/transferito/src/Views/Assets/js/main.js/wp-content/plugins/transferito/src/Views/Assets/js/settings.js/wp-content/plugins/transferito/src/Views/Assets/js/transfer.js/wp-content/plugins/transferito/src/Views/Assets/js/modal.js/wp-content/plugins/transferito/src/Views/Assets/js/connected-sites.js

Version Parameters

transferito/transferito.php?ver=transferito/src/Views/Assets/css/main.css?ver=transferito/src/Views/Assets/css/bootstrap.min.css?ver=transferito/src/Views/Assets/css/style.css?ver=transferito/src/Views/Assets/js/main.js?ver=transferito/src/Views/Assets/js/settings.js?ver=transferito/src/Views/Assets/js/transfer.js?ver=transferito/src/Views/Assets/js/modal.js?ver=transferito/src/Views/Assets/js/connected-sites.js?ver=

HTML / DOM Fingerprints

CSS Classes

transferito-plugin-icon

HTML Comments

Data Attributes

data-plugin-urldata-add-site-nonce

JS Globals

transferitoTransferSettingstransferitoMainSettingstransferitoModalSettingstransferitoConnectedSitesSettings

REST Endpoints

/wp-json/transferito/v1/sites/add

FAQ

Transferito: WP Migration Security & Risk Analysis

Is Transferito: WP Migration Safe to Use in 2026?

Generally Safe

Key Concerns

Transferito: WP Migration Security Vulnerabilities

Transferito: WP Migration Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Transferito: WP Migration Attack Surface

AJAX Handlers 40

Transferito: WP Migration Maintenance & Trust

Maintenance Signals

Community Trust

Transferito: WP Migration Alternatives

1 Click Migration & Backup: Free WordPress Migration Plugin with Zero Downtime & Easy Clone

All-in-One WP Migration and Backup

Backup, Restore and Migrate your sites with XCloner

WebToffee WP Backup and Migration

No Nonsense

Transferito: WP Migration Developer Profile

How We Detect Transferito: WP Migration

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Transferito: WP Migration