CVE-2022-0444
MEDIUM
XCloner < 4.3.6 - Unauthenticated Settings Reset and Backup Encryption Key Generation
Title source: llm
Description
The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key.
References (1)
Core References
Exploit, Third Party Advisory exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/9567d295-43c7-4e59-9283-c7726f16d40b
Scores
CVSS v3
4.3
EPSS
0.0028
EPSS Percentile
20.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-352
CWE-862
Status
published
Products (1)
watchful/xcloner
< 4.3.6
Published
Jun 27, 2022
Tracked Since
Feb 18, 2026