Description
WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently modify arbitrary files or obtain database dump. WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner versions starting from 4.2.1 and up to and including 4.2.12 are vulnerable.
Remediation
Update to plugin version 4.2.13 or latest
References
https://www.exploit-db.com/exploits/50077
https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2020-35948
Related Vulnerabilities
MongoDb Improper Authentication Vulnerability (CVE-2015-7882)
SharePoint CVE-2021-42294 Vulnerability (CVE-2021-42294)
MySQL CVE-2021-2194 Vulnerability (CVE-2021-2194)
Lighttpd Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4559)
Oracle Database Server CVE-2018-2841 Vulnerability (CVE-2018-2841)