- WordPress Plugin XCloner-Backup and Restore is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information (filenames of previous backups) that could aid in further attacks. WordPress Plugin XCloner-Backup and Restore version 3.1.4 is vulnerable; prior versions may also be affected.
- Update to plugin version 3.1.5 or latest
- WordPress Plugin BackWPup Cross-Site Scripting (3.0.12)
- WordPress Plugin Live Forms-Visual Form Builder SQL Injection (3.0.1)
- WordPress Plugin BackWPup Remote and Local Code Execution (1.6.1)
- WordPress Plugin wpForo Forum Cross-Site Scripting (1.4.11)
- WordPress Plugin Page Builder:KingComposer-Free Drag and Drop page builder by King-Theme Arbitrary File Upload (2.7.4)