Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xcloner xcloner vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-35948
An issue exists in the XCloner Backup and Restore plugin prior to 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an malicious user to achieve remote code execution. The xcloner_restore.php wri...
Xcloner Xcloner
8.8
CVSSv3
CVE-2020-35950
An issue exists in the XCloner Backup and Restore plugin prior to 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).
Xcloner Xcloner
6.5
CVSSv3
CVE-2020-13424
The XCloner component prior to 3.5.4 for Joomla! allows Authenticated Local File Disclosure.
Xcloner Xcloner
4.3
CVSSv3
CVE-2022-0444
The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin prior to 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated malicious users to reset them, including generating a new backup encryption ke...
Watchful Xcloner
NA
CVE-2015-4338
Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php.
Xcloner Xcloner 3.1.2
NA
CVE-2015-4337
Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php.
Xcloner Xcloner 3.1.2
NA
CVE-2015-4336
cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the file.
Xcloner Xcloner 3.1.2
NA
CVE-2014-8603
cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to execute arbitrary code via shell metacharacters in the (1) file name when creating a backup or vectors related to the (2) $_CONFIG[tarpath], (3) $exclude, (4) $_CO...
Xcloner Xcloner 3.5.1
Xcloner Xcloner 3.1.1
1 EDB exploit
NA
CVE-2014-8605
The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote malicious users to obtain sensitive information via a direct request to a backup file in admin...
Xcloner Xcloner 3.5.1
Xcloner Xcloner 3.1.1
1 EDB exploit
NA
CVE-2014-8606
Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a json_return action in the xcloner_show page to wp-admin/admin-ajax.php.
Xcloner Xcloner 3.5.1
Xcloner Xcloner 3.1.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »