WP-Safety

WP Migrate Lite – Migration Made Easy Security & Risk Analysis

wordpress.org/plugins/wp-migrate-db

Migrate your database. Export full sites including media, themes, and plugins. Find and replace content with support for serialized data.

200K active installs v2.7.7 PHP 5.6+ WP 5.2+ Updated Dec 8, 2025
cloneexport-siteimport-sitemigratepush-pull
99
A · Safe
CVEs total1
Unpatched0
Last CVENov 17, 2025
Plugin page Download
Safety Verdict

Is WP Migrate Lite – Migration Made Easy Safe to Use in 2026?

Generally Safe

Score 99/100

WP Migrate Lite – Migration Made Easy has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 17, 2025Updated 3mo ago
Risk Assessment

The wp-migrate-db plugin, version 2.7.7, generally exhibits good security practices with a low attack surface and a significant percentage of SQL queries using prepared statements and outputs being properly escaped. All identified entry points have authentication checks, and there are no REST API routes without permission callbacks or shortcodes, which are common attack vectors. However, the presence of 4 taint flows with unsanitized paths, even though classified as non-critical, warrants attention as it suggests potential pathways for malicious input to be processed without adequate sanitization.

The vulnerability history, while showing no currently unpatched CVEs, reveals one past medium-severity vulnerability primarily related to Server-Side Request Forgery (SSRF). This indicates a historical susceptibility to a specific class of vulnerability, and while it is patched, it serves as a reminder to remain vigilant. The plugin's robust use of file operations (56) and external HTTP requests (1) suggests functionality that, if not carefully managed, could be a source of vulnerabilities, but the static analysis does not highlight specific issues in these areas for this version.

In conclusion, wp-migrate-db v2.7.7 presents a relatively strong security posture due to its careful handling of its attack surface and core coding practices. The main area for improvement lies in addressing the identified unsanitized taint flows, and the past SSRF vulnerability underscores the importance of ongoing security audits. The plugin's strengths in authentication and output handling significantly outweigh its weaknesses.

Key Concerns

  • Unsanitized taint flows found
  • Past medium severity vulnerability (SSRF)
Vulnerabilities
1

WP Migrate Lite – Migration Made Easy Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-11427medium · 5.8Server-Side Request Forgery (SSRF)

WP Migrate Lite <= 2.7.6 - Unauthenticated Blind Server-Side Request Forgery

Nov 17, 2025 Patched in 2.7.7 (57d)
Code Analysis
Analyzed Mar 16, 2026

WP Migrate Lite – Migration Made Easy Code Analysis

Dangerous Functions
0
Raw SQL Queries
14
44 prepared
Unescaped Output
13
53 escaped
Nonce Checks
6
Capability Checks
4
File Operations
56
External Requests
1
Bundled Libraries
0

SQL Query Safety

76% prepared58 total queries

Output Escaping

80% escaped66 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
download_file (class\Common\Filesystem\Filesystem.php:774)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP Migrate Lite – Migration Made Easy Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_wpmdb_flushclass\Common\Migration\Flush.php:48
authwp_ajax_wpmdb_migrate_tableclass\Common\Migration\MigrationManager.php:172
authwp_ajax_wpmdb_delete_migration_profileclass\Common\Profile\ProfileManager.php:164
authwp_ajax_wpmdb_save_profileclass\Common\Profile\ProfileManager.php:165
WordPress Hooks 94
filterwpmdb_notification_stringsclass\Common\Addon\AddonAbstract.php:87
actionactivate_pluginclass\Common\Addon\AddonsFacade.php:47
actionadmin_noticesclass\Common\Addon\AddonsFacade.php:48
actionplugins_loadedclass\Common\Addon\AddonsFacade.php:49
actionplugins_loadedclass\Common\Addon\AddonsFacade.php:52
filterwpmdb_backup_header_included_tablesclass\Common\BackupExport.php:73
filterwpmdb_cli_finalize_migration_responseclass\Common\Cli\Cli.php:122
filterwpmdb_cli_tables_to_migrateclass\Common\Cli\Cli.php:123
actionadmin_initclass\Common\Compatibility\Compatibility.php:34
filteroption_active_pluginsclass\Common\Compatibility\Compatibility.php:35
filtersite_option_active_sitewide_pluginsclass\Common\Compatibility\Compatibility.php:36
filterstylesheet_directoryclass\Common\Compatibility\Compatibility.php:37
filtertemplate_directoryclass\Common\Compatibility\Compatibility.php:38
actionmuplugins_loadedclass\Common\Compatibility\Compatibility.php:39
actionmuplugins_loadedclass\Common\Compatibility\Compatibility.php:40
actionafter_setup_themeclass\Common\Compatibility\Compatibility.php:41
actionadmin_initclass\Common\Compatibility\CompatibilityManager.php:120
actionwp_migrate_db_remove_compatibility_pluginclass\Common\Compatibility\CompatibilityManager.php:123
filterwpmdb_notification_stringsclass\Common\Compatibility\CompatibilityManager.php:127
actionwpmdb_initiate_migrationclass\Common\Error\Logger.php:18
actionwpmdb_after_finalize_migrationclass\Common\Error\Logger.php:19
actionwpmdb_cancellationclass\Common\Error\Logger.php:20
actionwpmdb_respond_remote_initiateclass\Common\Error\Logger.php:21
actionwpmdb_remote_finalizeclass\Common\Error\Logger.php:22
actionwpmdb_respond_to_push_cancellationclass\Common\Error\Logger.php:23
actiontools_page_wp-migrate-db-proclass\Common\Filesystem\Filesystem.php:68
actiontools_page_wp-migrate-dbclass\Common\Filesystem\Filesystem.php:69
actionsettings_page_wp-migrate-db-proclass\Common\Filesystem\Filesystem.php:70
actionsettings_page_wp-migrate-dbclass\Common\Filesystem\Filesystem.php:71
actionadmin_initclass\Common\Filesystem\Filesystem.php:74
actionwpmdb_migration_completeclass\Common\Filesystem\RecursiveScanner.php:60
actionwpmdb_cancellationclass\Common\Filesystem\RecursiveScanner.php:61
filterwpmdb_after_responseclass\Common\Http\RemotePost.php:149
filterwpmdb_addon_registered_mfclass\Common\MF\Manager.php:25
actionwpmdb_load_assetsclass\Common\MF\MediaFilesAddon.php:75
filterwpmdb_diagnostic_infoclass\Common\MF\MediaFilesAddon.php:77
filterwpmdb_establish_remote_connection_dataclass\Common\MF\MediaFilesAddon.php:78
filterwpmdb_dataclass\Common\MF\MediaFilesAddon.php:79
actionwpmdb_migration_completeclass\Common\MF\MediaFilesAddon.php:81
filterwpmdb_site_detailsclass\Common\MF\MediaFilesAddon.php:82
actionwpmdb_migration_completeclass\Common\MF\MediaFilesLocal.php:101
actionwpmdb_respond_to_push_cancellationclass\Common\MF\MediaFilesLocal.php:102
actionwpmdb_cancellationclass\Common\MF\MediaFilesLocal.php:103
actionwpmdb_finalize_migrationclass\Common\MF\MediaFilesLocal.php:104
actionwpmdb_finalize_key_rulesclass\Common\MF\MediaFilesLocal.php:105
actionrest_api_initclass\Common\MF\MediaFilesLocal.php:115
actionrest_api_initclass\Common\Migration\MigrationManager.php:171
filterwpmdb_create_table_queryclass\Common\Migration\MigrationManager.php:283
filterwpmdb_create_table_queryclass\Common\Migration\MigrationManager.php:288
actionadmin_enqueue_scriptsclass\Common\Plugin\Assets.php:42
filteradmin_body_classclass\Common\Plugin\Assets.php:58
actionadmin_headclass\Common\Plugin\Menu.php:66
actionnetwork_admin_menuclass\Common\Plugin\Menu.php:69
actionadmin_menuclass\Common\Plugin\Menu.php:70
actionadmin_menuclass\Common\Plugin\Menu.php:72
actionpre_current_active_pluginsclass\Common\Plugin\PluginManagerBase.php:162
actionplugins_loadedclass\Common\Plugin\PluginManagerBase.php:164
filterhttp_request_argsclass\Common\Plugin\PluginManagerBase.php:167
actionadmin_initclass\Common\Plugin\PluginManagerBase.php:169
actionrest_api_initclass\Common\Plugin\PluginManagerBase.php:172
filterwpmdb_notification_stringsclass\Common\Plugin\PluginManagerBase.php:175
actionrest_api_initclass\Common\Profile\ProfileManager.php:168
actionwpmdb_before_schema_updateclass\Common\Profile\ProfileManager.php:169
actioninitclass\Common\Properties\Properties.php:112
filtercron_schedulesclass\Common\Queue\Cron.php:65
actionwpmdb_initiate_migrationclass\Common\Queue\Manager.php:61
actionrest_api_initclass\Common\Replace.php:196
actionrest_api_initclass\Common\Settings\SettingsManager.php:77
filterwpmdb_addon_registered_tpfclass\Common\TPF\Manager.php:24
filterwpmdb_before_finalize_migrationclass\Common\TPF\ThemePluginFilesAddon.php:125
actionwpmdb_migration_completeclass\Common\TPF\ThemePluginFilesAddon.php:126
actionwpmdb_respond_to_push_cancellationclass\Common\TPF\ThemePluginFilesAddon.php:127
actionwpmdb_cancellationclass\Common\TPF\ThemePluginFilesAddon.php:128
actionwpmdb_load_assetsclass\Common\TPF\ThemePluginFilesAddon.php:129
actionwpmdb_before_verify_connection_to_remote_siteclass\Common\TPF\ThemePluginFilesAddon.php:130
filterwpmdb_diagnostic_infoclass\Common\TPF\ThemePluginFilesAddon.php:131
filterwpmdb_establish_remote_connection_dataclass\Common\TPF\ThemePluginFilesAddon.php:132
filterwpmdb_dataclass\Common\TPF\ThemePluginFilesAddon.php:133
filterwpmdb_site_detailsclass\Common\TPF\ThemePluginFilesAddon.php:134
actionwpmdb_initiate_migrationclass\Common\TPF\ThemePluginFilesLocal.php:110
actionrest_api_initclass\Common\TPF\ThemePluginFilesLocal.php:111
filterwpmdb_theoretical_transfer_bottleneckclass\Common\Transfers\Files\Util.php:70
filterwpmdb_bottleneck_dir_scanclass\Common\Transfers\Files\Util.php:690
filterhome_urlclass\Common\Util\Util.php:1321
filteradmin_footer_textclass\Free\Plugin\PluginManager.php:36
filterupdate_footerclass\Free\Plugin\PluginManager.php:38
actioninitclass\WPMigrateDB.php:66
filternocache_headersclass\WPMigrateDB.php:68
actionadmin_initphp-checker.php:33
actionadmin_noticesphp-checker.php:50
actionplugins_loadedsetup-mdb.php:37
actionplugins_loadedsetup-mdb.php:81
actionactivated_pluginsetup-plugin.php:48
actionwpmdb_migration_completesetup-plugin.php:49
Maintenance & Trust

WP Migrate Lite – Migration Made Easy Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 8, 2025
PHP min version5.6
Downloads7.9M

Community Trust

Rating86/100
Number of ratings311
Active installs200K
Alternatives

WP Migrate Lite – Migration Made Easy Alternatives

All-in-One WP Migration and Backup

All-in-One WP Migration and Backup

all-in-one-wp-migration

A
90

Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.

5.0M 13 CVEs
WPvivid — Backup, Migration & Staging

WPvivid — Backup, Migration & Staging

wpvivid-backuprestore

B
75

Migrate, staging, backup WordPress, all in one.

900K 26 CVEs
Migrate Guru – Site Migration & Cloning

Migrate Guru – Site Migration & Cloning

migrate-guru

A
100

Effortlessly migrate, clone, or transfer your WordPress site to over 5,000 web hosts with Migrate Guru, trusted by Cloudways, Pantheon, and Dreamhost.

200K No CVEs
Clone

Clone

wp-clone-by-wp-academy

A
93

100% FREE clone and migration

50K 5 CVEs
InstaWP Connect – 1-click WP Staging & Migration

InstaWP Connect – 1-click WP Staging & Migration

instawp-connect

B
76

Create a staging WordPress site from production (live site). Ideal for testing updates, version change or re-write. Sync back only the changes.

30K 15 CVEs
Developer Profile

WP Migrate Lite – Migration Made Easy Developer Profile

WP Engine

16 plugins · 3.5M total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
1006 days
View full developer profile
Detection Fingerprints

How We Detect WP Migrate Lite – Migration Made Easy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-migrate-db/asset/js/wpmdb-admin.js/wp-content/plugins/wp-migrate-db/asset/css/wpmdb-admin.css/wp-content/plugins/wp-migrate-db/asset/js/jquery/jquery-ui.js/wp-content/plugins/wp-migrate-db/asset/js/select2.min.js/wp-content/plugins/wp-migrate-db/asset/css/select2.min.css/wp-content/plugins/wp-migrate-db/asset/js/moment.min.js/wp-content/plugins/wp-migrate-db/asset/js/build/wpmdb-main.min.js/wp-content/plugins/wp-migrate-db/asset/js/build/wpmdb-export.min.js+3 more
Script Paths
/wp-content/plugins/wp-migrate-db/asset/js/wpmdb-admin.js/wp-content/plugins/wp-migrate-db/asset/js/jquery/jquery-ui.js/wp-content/plugins/wp-migrate-db/asset/js/select2.min.js/wp-content/plugins/wp-migrate-db/asset/js/moment.min.js/wp-content/plugins/wp-migrate-db/asset/js/build/wpmdb-main.min.js/wp-content/plugins/wp-migrate-db/asset/js/build/wpmdb-export.min.js+3 more
Version Parameters
/wp-content/plugins/wp-migrate-db/asset/css/wpmdb-admin.css?ver=/wp-content/plugins/wp-migrate-db/asset/css/select2.min.css?ver=/wp-content/plugins/wp-migrate-db/asset/js/build/wpmdb-main.min.js?ver=/wp-content/plugins/wp-migrate-db/asset/js/build/wpmdb-export.min.js?ver=/wp-content/plugins/wp-migrate-db/asset/js/build/wpmdb-import.min.js?ver=/wp-content/plugins/wp-migrate-db/asset/js/build/wpmdb-migration.min.js?ver=/wp-content/plugins/wp-migrate-db/asset/js/build/wpmdb-settings.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpmdb-admin-wrapperwpmdb-settings-wrapwpmdb-migration-container
HTML Comments
<!-- Starts the output for the main WPMDB settings form --><!-- Ends the output for the main WPMDB settings form --><!-- The compatibility MU plugin is not installed or is out of date. -->
Data Attributes
data-wpmdb-export-optionsdata-wpmdb-import-optionsdata-wpmdb-migration-options
JS Globals
window.wpmdb_adminwindow.wpmdb_exportwindow.wpmdb_importwindow.wpmdb_migration
FAQ

Frequently Asked Questions about WP Migrate Lite – Migration Made Easy