Description
The WordPress plugin "Backup, Restore and Migrate WordPress Sites With the XCloner" is prone to arbitrary command execution, directory traversal and information disclosure vulnerabilities. An attacker may leverage these issues to execute arbitrary commands within the context of the vulnerable application or to obtain potentially sensitive information that could help in launching further attacks. Version 3.1.1 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 3.1.2 or the latest version.
References
http://www.vapid.dhs.org/advisories/wordpress/plugins/Xcloner-v3.1.1/
http://seclists.org/oss-sec/2014/q4/538
http://security.szurek.pl/xcloner-backup-and-restore-311-backup-download.html