CVE-2025-11427: 
WordPress Schwachstellenanalyse und -minderung

The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind Server-Side Request Forgery (SSRF) in versions up to and including 2.7.6. This vulnerability was assigned CVE-2025-11427 and was discovered on November 18, 2025. The vulnerability affects the wpmdb_flush AJAX action functionality (NVD).

The vulnerability is classified as a Server-Side Request Forgery (SSRF) with a CVSS v3.1 base score of 5.8 (Medium). The attack vector is network-accessible (AV:N) with low attack complexity (AC:L), requires no privileges (PR:N), needs no user interaction (UI:N), has changed scope (S:C), and can result in low confidentiality impact (C:L) with no impact on integrity (I:N) or availability (A:N) (Wordfence).

The vulnerability allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. This can be exploited to obtain information about internal services, potentially exposing sensitive internal infrastructure details (NVD).