Main Vulnerability Database Vulnerabilities #VU46973

Improper access control in XCloner - Backup and Restore - #VU46973

Published: September 23, 2020

Vulnerability identifier: #VU46973

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
XCloner - Backup and Restore

Software vendor:
Liuta Ovidiu

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in multiple AJAX actions. A remote authenticated attacker can bypass implemented security restrictions and perform arbitrary actions, such as overwrite arbitrary files and disclose sensitive information on the system.

Remediation

Install updates from vendor's website.

External links

https://wpvulndb.com/vulnerabilities/10412/
https://www.wordfence.com/blog/2020/09/critical-vulnerabilities-patched-in-xcloner-backup-and-restore-plugin/

Improper access control in XCloner - Backup and Restore - #VU46973

Description

Remediation

External links

Please verify you're human