Description
WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner is prone to two vulnerabilities which can be exploited by malicious people to conduct cross-site scripting attacks. Successful exploitation of this vulnerability requires that "register_globals" is enabled. WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner version 3.0 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 3.0.1 or latest
References
Related Vulnerabilities
WordPress Plugin Contact Form 7 Zendesk Cross-Site Scripting (1.0.7)
WordPress Plugin PDF & Print by BestWebSoft Cross-Site Scripting (1.9.3)
WordPress Plugin Absolute Privacy 'abpr_authenticateUser()' Security Bypass (2.0.5)
WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.10)
WordPress Plugin Featured Posts by BestWebSoft Cross-Site Scripting (1.0.0)