CVE-2025-24651
WordPress WebToffee WP Backup and Migration plugin <= 1.5.3 - Sensitive Data Exposure vulnerabilityInsertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration allows Retrieve Embedded Sensitive Data. This issue affects WordPress Backup & Migration: from n/a through 1.5.3.
We have discovered 78 live websites that are affected by CVE-2025-24651.
Affected Software
| Product |  Wp Migration Duplicator |
| Category | Wordpress Plugins |
| Vulnerable Domains | 78 live websites (100% of Wp Migration Duplicator install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 6 versions ( 100% of all versions) |
Common Weakness Enumeration
CWE-532 Insertion of Sensitive Information into Log FileDetails
- Published - Apr 17, 2025
- Updated - Apr 17, 2025
Credits
- savphill (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-24651 United States | 13 websites |
 Germany | 16 websites |
 France | 5 websites |
 Spain | 4 websites |
 Italy | 4 websites |
 Sweden | 3 websites |
 Australia | 2 websites |
 Brazil | 2 websites |
 Switzerland | 2 websites |
 GB | 2 websites |
Website Distribution by TLD
Number of websites using CVE-2025-24651| .com | 20 websites |
| .de | 11 websites |
| .org | 5 websites |
| .se | 3 websites |
| .co.uk | 2 websites |
| .com.au | 2 websites |
| .net | 2 websites |
| .fr | 2 websites |
| .it | 2 websites |
| .be | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-24651
Top websites that are affected by CVE-2025-24651. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com |  Japan | *,***,*** | |
| *********.com |  Russia | *,***,*** | |
| ***************.org | Spain | *,***,*** | |
| **********.org | United States | *,***,*** | |
| **********.***.au | Australia | *,***,*** | |
| ***************.website | United States | *,***,*** | |
| *******.************.net | *,***,*** | ||
| ***.ee |  Estonia | **,***,*** | |
| *******.com | Germany | **,***,*** | |
| ********.ee | United States | **,***,*** |
FAQ
CVE-2025-24651 is Insertion of Sensitive Information into Log File in Wp Migration Duplicator
A total of 78 websites have been identified as vulnerable to CVE-2025-24651, based on global website indexing conducted by WebTechSurvey.
The Wp Migration Duplicator is affected by the CVE-2025-24651 vulnerability.
Wp Migration Duplicator versions up to and including 1.5.3 are vulnerable to CVE-2025-24651.