Almost all of the endpoints in the plugin were vulnerable to cross-site request forgery due to a failure to implement nonces and corresponding checks. An attacker could use a CSRF attack to trigger a backup or update plugin options, along with all of the malicious activity outlined in the reference below.
CPE | Name | Operator | Version |
---|---|---|---|
xcloner-backup-and-restore | lt | 4.2.153 |
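
The missing control, shown as an added example that is not taken from the plugin's source: a WordPress AJAX handler without a nonce check next to the same handler with one. The `demo_*` action, option and script names are hypothetical; the WordPress functions are the standard core APIs.

```php
<?php
// Hypothetical plugin code for illustration; all demo_* names are made up.

// BEFORE: the handler relies on the admin's session cookie alone. The browser
// attaches that cookie to a request forged from another site, so the options
// update goes through without the admin ever opening the settings page.
add_action('wp_ajax_demo_save_options_unsafe', function () {
    $path = sanitize_text_field(wp_unslash($_POST['path'] ?? ''));
    update_option('demo_backup_path', $path);
    wp_send_json_success();
});

// AFTER, step 1: the admin page hands its own JavaScript a nonce that is bound
// to this action, the current user and their session.
add_action('admin_enqueue_scripts', function () {
    wp_register_script('demo-admin', plugins_url('admin.js', __FILE__), ['jquery'], '1.0', true);
    wp_localize_script('demo-admin', 'demoAjax', [
        'url'   => admin_url('admin-ajax.php'),
        'nonce' => wp_create_nonce('demo_save_options'),
    ]);
    wp_enqueue_script('demo-admin');
});

// AFTER, step 2: the handler verifies the nonce before doing anything else.
add_action('wp_ajax_demo_save_options', function () {
    // Terminates the request with HTTP 403 if $_POST['nonce'] is missing or invalid.
    check_ajax_referer('demo_save_options', 'nonce');

    // A nonce only proves the request came from the plugin's own page;
    // authorization is still a separate check.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['message' => 'Forbidden'], 403);
    }

    $path = sanitize_text_field(wp_unslash($_POST['path'] ?? ''));
    update_option('demo_backup_path', $path);
    wp_send_json_success();
});
```

Every state-changing endpoint needs its own `check_ajax_referer()` or `wp_verify_nonce()` call; a quick audit is to list all `wp_ajax_*` registrations and confirm each callback performs one before touching options or starting a job.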