CVE-2026-48965 WordPress XCloner plugin <= 4.8.6 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in XCloner = 4.8.6 versions...

EUVD-2025-201322

The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the XclonerRemoteStorage:save function. This makes it possible for...

WordPress XCloner Backup, Restore and Migrate Plugin <= 4.7.3 is vulnerable to Sensitive Data Exposure

Software XCloner Backup, Restore and Migrate Type Plugin Vulnerable versions = 4.7.3 Fixed in 4.7.4 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6559 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 382b1355c9ee Credits...

WordPress Xcloner Plugin and Joomla! Xcloner Plugin Execute Arbitrary Code Vulnerability

WordPress is the WordPress Software Foundation a set of blogging platform developed using the PHP language . Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. XCloner is one of the plug-ins used to back up and restore data and...

WordPress XCloner Plugin - Multiple Vulnerabilities

XCloner plugin is prone to multiple vulnerabilities, such as: unauthenticated remote access to backup files via easily guessable file names, arbitrary command execution and authenticated remote file access. Also, clear text MySQL password exposure through HTML text box. Solution Upgrade the plugi...