Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner 'mosmsg' and 'option' Parameters Cross-Site Scripting Vulnerabilities (3.0)

Description

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner is prone to two vulnerabilities which can be exploited by malicious people to conduct cross-site scripting attacks. Successful exploitation of this vulnerability requires that "register_globals" is enabled. WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner version 3.0 is vulnerable; other versions may also be affected.

Remediation

Update to plugin version 3.0.1 or latest

References

http://secunia.com/advisories/43520/

http://secunia.com/advisories/43538/

Related Vulnerabilities

Sqlite NULL Pointer Dereference Vulnerability (CVE-2019-19242)

MySQL CVE-2021-2014 Vulnerability (CVE-2021-2014)

Oracle Database Server CVE-2008-2602 Vulnerability (CVE-2008-2602)

WordPress Plugin Limit Login Attempts Reloaded Security Bypass (2.17.3)

WordPress Plugin Simple PDF Viewer Cross-Site Scripting (1.9)

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update XSS