- WordPress Plugin XCloner-Backup and Restore is prone to a vulnerability which can be exploited by malicious people to disclose sensitive information. Input passed via the "config" parameter to wp-content/plugins/xcloner-backup-and-restore/cloner.cron.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks. WordPress Plugin XCloner-Backup and Restore version 3.0.3 is vulnerable; other versions may also be affected.
- Update to plugin version 3.0.4 or latest
- WordPress Plugin WP-VR-view-Add Photo Sphere, 360 video to WordPress Cross-Site Scripting (1.6)
- WordPress Plugin Ninja Forms-The Easy and Powerful Forms Builder Multiple Cross-Site Scripting Vulnerabilities (2.9.21)
- WordPress Plugin User registration & user profile-Profile Builder Cross-Site Scripting (2.0.2)
- WordPress Plugin MyLiveChat-Free Live Chat Plugin for WordPress Cross-Site Scripting (2.0.1)
- WordPress Plugin Work The Flow File Upload Arbitrary File Upload (2.3.1)