Description

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information (filenames of previous backups) that could aid in further attacks. WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner version 3.1.4 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 3.1.5 or latest

References

https://gist.github.com/ldionmarcil/b223bb39694019d6f35a601ed7f841bf

https://wordpress.org/plugins/xcloner-backup-and-restore/changelog/

Related Vulnerabilities

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-1938)

WordPress Plugin Fancy Product Designer-WooCommerce Arbitrary File Upload (4.6.8)

Oracle Database Server Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2006-1871)

Oracle HTTP Server CVE-2021-2315 Vulnerability (CVE-2021-2315)

WordPress Plugin Asgaros Forum Multiple Vulnerabilities (1.15.14)

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Directory Traversal