WING Website Migrator Security & Risk Analysis
wordpress.org/plugins/wing-migratorA website migration plugin for ConoHa WING hosting service.
Is WING Website Migrator Safe to Use in 2026?
Generally Safe
Score 99/100WING Website Migrator has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The wing-migrator plugin v2.0.3 demonstrates a generally strong security posture with good practices in several key areas. Notably, all SQL queries utilize prepared statements, output escaping is consistently applied, and there are no identified taint flows or unsanitized paths. The absence of a large attack surface, particularly unprotected entry points, is also a positive sign. However, the presence of 'ini_set' and 'set_time_limit' functions raises concerns about potential misuse for resource exhaustion attacks or bypassing server configurations, even though their immediate exploitability isn't detailed in the static analysis. The vulnerability history, while currently showing no unpatched CVEs, indicates a past medium-severity issue, specifically a Cross-Site Request Forgery (CSRF). This suggests that while the current version might be clean, the plugin has had security flaws in the past, warranting continued vigilance and timely updates. The plugin's strengths lie in its sanitization and permission checks, but the use of dangerous functions and historical vulnerability warrant careful consideration.
Key Concerns
- Presence of dangerous functions (ini_set, set_time_limit)
- Past medium severity CSRF vulnerability
WING Website Migrator Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
WING WordPress Migrator <= 1.2.0 - Cross-Site Request Forgery
WING Website Migrator Release Timeline
WING Website Migrator Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
WING Website Migrator Attack Surface
WordPress Hooks 1
Maintenance & Trust
WING Website Migrator Maintenance & Trust
Maintenance Signals
Community Trust
WING Website Migrator Alternatives
WP STAGING – WordPress Backup, Restore & Migration
wp-staging
Backup, restore, staging, and migration for WordPress. Create full-site backups and test updates safely. 100% Unit Tested.
WebToffee WP Backup and Migration
wp-migration-duplicator
Easily backup, restore, or migrate. Supports one-click backup and scheduled backup. Backup selected content to Amazon S3, Google Drive, FTP/SFTP, etc.
Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups
trinity-backup
Backup, migrate, clone, and restore WordPress sites of any size. Scheduled, pre-update backups, email notifications, WP-CLI, white label, encryption.
1 Click Migration & Backup: Free WordPress Migration Plugin with Zero Downtime & Easy Clone
1-click-migration
Free WordPress migration plugin for backup, restore, clone, and site transfer with zero downtime. Migrate WordPress site easily.
かんたんお引越し for お名前.com
wp-migration-for-onamaecom
A WordPress migration plugin for Onamae.com Rental Server.
WING Website Migrator Developer Profile
2 plugins · 10K total installs
How We Detect WING Website Migrator
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wing-migrator/assets/css/main.css/wp-content/plugins/wing-migrator/assets/js/main.js/wp-content/plugins/wing-migrator/assets/js/main.jswing-migrator/assets/css/main.css?ver=wing-migrator/assets/js/main.js?ver=HTML / DOM Fingerprints
wing-migrator<!-- WING Website Migrator -->data-wp-migration-noncewingMigration/wp-json/wing_mig/v1/nonce/wp-json/wing_mig/v1/wp-info/wp-json/wing_mig/v1/backup/wp-json/wing_mig/v1/backup/.+/wp-json/wing_mig/v1/backup/.+/log/wp-json/wing_mig/v1/backup/.+/delete/wp-json/wing_mig/v1/restore/wp-json/wing_mig/v1/restore/.+/wp-json/wing_mig/v1/restore/.+/log/wp-json/wing_mig/v1/restore/.+/delete/wp-json/wing_mig/v1/ssl-challenge/wp-json/wing_mig/v1/ssl-challenge/.+