VYPR

Xcloner Backup And Restore

by WordPress

Source repositories

CVEs (4)

  • CVE-2024-6559MedJul 16, 2024
    risk 0.27cvss 5.3epss 0.00

    The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.7.3. This is due the plugin utilizing sabre without preventing direct access to the files. This makes it…

  • CVE-2025-11759MedDec 5, 2025
    risk 0.21cvss 4.3epss 0.00

    The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the Xcloner_Remote_Storage:save() function. This makes it…

  • CVE-2020-35948Jan 1, 2021
    risk 0.00cvss epss 0.25

    An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php…

  • CVE-2020-35950Jan 1, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).