WP Clinic
Log in Sign up

PLUGIN SECURITY

Is All-in-One WP Migration and Backup safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the All-in-One WP Migration and Backup WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: all-in-one-wp-migration
  • Requires PHP: 5.3+
  • Max supported PHP (analyzed): <8.0

Known vulnerabilities

  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 7.41 [CVE-2021-24216, All-in-One WP Migration &lt; 7.41 - Admin+ Arbitrary File Upload to RCE, All-in-One WP Migration <= 7.40 - Authenticated (Admin+) Arbitrary File Upload]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 7.59 [CVE-2022-1476, WordPress All in One WP Migration plugin <= 7.58 - Directory Traversal to File Deletion on Windows Hosts vulnerability, All-in-One WP Migration &lt; 7.59 - Admin+ File Deletion on Windows Hosts via Path Traversal, All-in-One WP Migration <= 7.58 - Directory Traversal to File Deletion on Windows Hosts]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 7.15 [WordPress All-in-One WP Migration plugin <= 7.14 - Arbitrary Backup Download vulnerability]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 7.0 [WordPress All-in-One WP Migration plugin <= 6.97 - Cross-Site Scripting (XSS) vulnerability (admin backend)]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 2.0.5 [WordPress Migration Plugin <= 2.0.4 - Unauthenticated Database Export]
+ 15 more known vulnerabilities
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 7.63 [CVE-2022-2546, WordPress All-in-One WP Migration plugin <= 7.62 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability, All-in-One WP Migration <= 7.62 - Unauthenticated Reflected Cross-Site Scripting, All-in-One WP Migration &lt; 7.63 - Unauthenticated Reflected XSS]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 7.15 [All-in-One WP Migration &lt; 7.15 - Arbitrary Backup Download]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 7.0 [All-in-One WP Migration &lt; 7.0 - Authenticated Cross-Site Scripting (XSS)]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 6.46 [All-in-One WP Migration &lt; 6.46 - Reflected Cross-Site Scripting (XSS)]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 2.0.5 [All-in-One WP Migration &lt; 2.0.5 - Unauthenticated Database Export]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 7.63 [All-in-One WP Migration <= 7.62 - Authenticated (Admin+) Cross-Site Scripting]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 7.15 [All-in-One WP Migration <= 7.14 - Unauthenticated Backup Download]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 7.0 [All-in-One WP Migration <= 6.97 - Authenticated Stored Cross-Site Scripting]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 6.46 [All-in-One WP Migration <= 6.45 - Reflected Cross-Site Scripting]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 2.0.5 [All-in-One WP Migration <= 2.0.4 - Missing Authorization to Database Export]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 2.0.3 [All-in-One WP Migration <= 2.0.2 - Authorization Bypass to Arbitrary File Upload]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 7.87 [CVE-2024-8852, WordPress All-in-One WP Migration Plugin <= 7.86 is vulnerable to Sensitive Data Exposure, All-in-One WP Migration and Backup <= 7.86 - Unauthenticated Information Disclosure via Error Logs]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 7.87 [CVE-2024-9162, All-in-One WP Migration and Backup <= 7.86 - Authenticated (Administrator+) Arbitrary PHP Code Injection, WordPress All-in-One WP Migration Plugin <= 7.86 is vulnerable to PHP Object Injection]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 7.90 [CVE-2024-10942, WordPress All-in-One WP Migration Plugin <= 7.89 is vulnerable to PHP Object Injection, All in One WP Migration <= 7.89 - Unauthenticated PHP Object Injection, EUVD-2025-6287]
  • All-in-One WP Migration and Backup [all-in-one-wp-migration] < 7.98 [CVE-2025-8490, All-in-One WP Migration and Backup <= 7.97 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import, EUVD-2025-25952]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.