Description
WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner is prone to a vulnerability which can be exploited by malicious people to disclose sensitive information. Input passed via the "config" parameter to wp-content/plugins/xcloner-backup-and-restore/cloner.cron.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks. WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner version 3.0.3 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 3.0.4 or latest
References
Related Vulnerabilities
Chamilo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-39061)
WordPress 2.0.5 Charset Decoding SQL Injection Vulnerability (0.6.2 - 2.0.5)
Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29718)
WordPress Plugin WP Htaccess Editor Unspecified Vulnerability (1.0.1)
MediaWiki Improper Access Control Vulnerability (CVE-2012-4379)