WordPress Plugin XCloner-Backup and Restore 'config' Parameter Local File Inclusion (3.0.3)

Description
  • WordPress Plugin XCloner-Backup and Restore is prone to a vulnerability which can be exploited by malicious people to disclose sensitive information. Input passed via the "config" parameter to wp-content/plugins/xcloner-backup-and-restore/cloner.cron.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks. WordPress Plugin XCloner-Backup and Restore version 3.0.3 is vulnerable; other versions may also be affected.
Remediation
  • Update to plugin version 3.0.4 or latest
References