Xcloner Backup And Restore
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-6559 | Med | 0.27 | 5.3 | 0.00 | Jul 16, 2024 | The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.7.3. This is due the plugin utilizing sabre without preventing direct access to the files. This makes it… | ||
| CVE-2025-11759 | Med | 0.21 | 4.3 | 0.00 | Dec 5, 2025 | The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the Xcloner_Remote_Storage:save() function. This makes it… | ||
| CVE-2020-35948 | 0.00 | — | 0.25 | Jan 1, 2021 | An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php… | |||
| CVE-2020-35950 | 0.00 | — | 0.01 | Jan 1, 2021 | An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint). |
- risk 0.27cvss 5.3epss 0.00
The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.7.3. This is due the plugin utilizing sabre without preventing direct access to the files. This makes it…
- risk 0.21cvss 4.3epss 0.00
The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the Xcloner_Remote_Storage:save() function. This makes it…
- CVE-2020-35948Jan 1, 2021risk 0.00cvss —epss 0.25
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php…
- CVE-2020-35950Jan 1, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).