WordPress Plugin XCloner-Backup and Restore is prone to a vulnerability which can be exploited by malicious people to disclose sensitive information. Input passed via the "config" parameter to wp-content/plugins/xcloner-backup-and-restore/cloner.cron.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks. WordPress Plugin XCloner-Backup and Restore version 3.0.3 is vulnerable; other versions may also be affected.
Update to plugin version 3.0.4 or latest