Description
WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information (filenames of previous backups) that could aid in further attacks. WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner version 3.1.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.1.5 or latest
References
https://gist.github.com/ldionmarcil/b223bb39694019d6f35a601ed7f841bf
https://wordpress.org/plugins/xcloner-backup-and-restore/changelog/
Related Vulnerabilities
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-8419)
Drupal Core 4.7.x Form Action Attribute Injection (4.7.0 - 4.7.3)
WordPress Plugin WordPress Affiliates-SliceWP Cross-Site Scripting (1.0.45)
WordPress Plugin Widget Shortcode Cross-Site Scripting (0.3.5)
WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease SQL Injection (4.1.4)