EUVD-2025-201322

🗓️ 05 Dec 2025 01:55:21Reported by EUVDType

The WordPress XCloner plugin up to 4.8.2 has a CSRF flaw enabling unauthenticated changes to FTP.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-11759	5 Dec 202513:00	–	circl
CNNVD	WordPress plugin Backup, Restore and Migrate your sites with XCloner 跨站请求伪造漏洞	5 Dec 202500:00	–	cnnvd
CVE	CVE-2025-11759	5 Dec 202501:55	–	cve
Cvelist	CVE-2025-11759 Backup, Restore and Migrate your sites with XCloner <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save()	5 Dec 202501:55	–	cvelist
NVD	CVE-2025-11759	5 Dec 202503:15	–	nvd
Patchstack	WordPress XCloner plugin <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save() vulnerability	31 Dec 202500:00	–	patchstack
Positive Technologies	PT-2025-49185	5 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-11759	6 Dec 202502:53	–	redhatcve
Vulnrichment	CVE-2025-11759 Backup, Restore and Migrate your sites with XCloner <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save()	5 Dec 202501:55	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (December 1, 2025 to December 7, 2025)	11 Dec 202517:00	–	wordfence

[
  {
    "enisaIdVendor": [
      {
        "id": "610734b1-2c67-370e-8d10-f0e9d731b026",
        "vendor": {
          "name": "watchful"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "6b8b7c5a-af6d-3ae5-a4c7-ff92109efa6c",
        "product": {
          "name": "Backup, Restore and Migrate your sites with XCloner"
        },
        "product_version": "* ≤4.8.2"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-11759
plugins	www.plugins.trac.wordpress.org/changeset/3398881/xcloner-backup-and-restore
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/a76a8e36-635a-48a3-8683-c24a0395212e

05 Dec 2025 16:54Current

4.8Medium risk

Vulners AI Score4.8

CVSS 3.14.3

EPSS0.00013

SSVC