The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/9567d295-43c7-4e59-9283-c7726f16d40b | Exploit Third Party Advisory |
Configurations
History
07 Nov 2023, 03:41
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-352 |
20 Jul 2023, 17:46
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-352 |
Information
Published : 2022-06-27 09:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-0444
Mitre link : CVE-2022-0444
CVE.ORG link : CVE-2022-0444
JSON object : View
Products Affected
watchful
- xcloner