Description

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner is prone to two vulnerabilities which can be exploited by malicious people to conduct cross-site scripting attacks. Successful exploitation of this vulnerability requires that "register_globals" is enabled. WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner version 3.0 is vulnerable; other versions may also be affected.

Remediation

Update to plugin version 3.0.1 or latest

References

http://secunia.com/advisories/43520/

http://secunia.com/advisories/43538/

Related Vulnerabilities

WordPress Plugin Contact Form 7 Zendesk Cross-Site Scripting (1.0.7)

WordPress Plugin PDF & Print by BestWebSoft Cross-Site Scripting (1.9.3)

WordPress Plugin Absolute Privacy 'abpr_authenticateUser()' Security Bypass (2.0.5)

WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.10)

WordPress Plugin Featured Posts by BestWebSoft Cross-Site Scripting (1.0.0)

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update XSS