Skip to main content

Xcloner

14 CVEs product

Monthly

CVE-2026-48965 MEDIUM This Month

Sensitive data exposure in the XCloner backup and restore WordPress plugin (versions up to and including 4.8.6) permits unauthorized access to subscriber-level sensitive information via a network-accessible attack path. The vulnerability is classified under CWE-201 (Insertion of Sensitive Information Into Sent Data), meaning the plugin inadvertently includes sensitive data in responses or transmitted content accessible without sufficient authorization controls. Discovered and reported by Patchstack, this flaw carries a CVSS 3.1 base score of 6.5 with no public exploit or CISA KEV listing identified at time of analysis.

Information Disclosure Xcloner
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-0444 MEDIUM POC This Month

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Xcloner
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2020-13424 MEDIUM This Month

The XCloner component before 3.5.4 for Joomla!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xcloner
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2015-4338 MEDIUM This Month

Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress PHP Code Injection Xcloner
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2015-4337 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP Xcloner
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-4336 MEDIUM POC This Month

cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection WordPress PHP Xcloner
NVD
CVSS 2.0
6.5
EPSS
1.5%
CVE-2014-8607 LOW POC Monitor

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla!. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Xcloner
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.2%
CVE-2014-8606 MEDIUM POC This Month

Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla!. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Xcloner
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
7.3%
CVE-2014-8605 MEDIUM POC This Month

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Xcloner
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
7.7%
CVE-2014-8604 MEDIUM POC This Month

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Xcloner
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
8.4%
CVE-2014-8603 MEDIUM POC This Month

cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP Xcloner
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
6.2%
CVE-2014-2996 HIGH POC THREAT Act Now

XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.8%.

RCE PHP Code Injection Xcloner
NVD Exploit-DB VulDB
CVSS 2.0
7.1
EPSS
13.8%
CVE-2014-2579 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Xcloner
NVD Exploit-DB VulDB
CVSS 2.0
7.6
EPSS
1.3%
CVE-2014-2340 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress PHP Xcloner
NVD Exploit-DB VulDB
CVSS 2.0
6.8
EPSS
1.4%
EPSS 0% CVSS 6.5
MEDIUM This Month

Sensitive data exposure in the XCloner backup and restore WordPress plugin (versions up to and including 4.8.6) permits unauthorized access to subscriber-level sensitive information via a network-accessible attack path. The vulnerability is classified under CWE-201 (Insertion of Sensitive Information Into Sent Data), meaning the plugin inadvertently includes sensitive data in responses or transmitted content accessible without sufficient authorization controls. Discovered and reported by Patchstack, this flaw carries a CVSS 3.1 base score of 6.5 with no public exploit or CISA KEV listing identified at time of analysis.

Information Disclosure Xcloner
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Xcloner
NVD WPScan
EPSS 2% CVSS 6.5
MEDIUM This Month

The XCloner component before 3.5.4 for Joomla!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xcloner
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress PHP +2
NVD
EPSS 0% CVSS 3.5
LOW POC Monitor

Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS WordPress PHP +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection WordPress PHP +1
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla!. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Xcloner
NVD Exploit-DB
EPSS 7% CVSS 4.0
MEDIUM POC This Month

Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla!. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP +1
NVD Exploit-DB
EPSS 8% CVSS 5.0
MEDIUM POC This Month

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Privilege Escalation Xcloner
NVD Exploit-DB
EPSS 8% CVSS 5.0
MEDIUM POC This Month

The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla!. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Xcloner
NVD Exploit-DB
EPSS 6% CVSS 6.5
MEDIUM POC This Month

cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP +1
NVD Exploit-DB
EPSS 14% CVSS 7.1
HIGH POC THREAT Act Now

XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem are enabled, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.8%.

RCE PHP Code Injection +1
NVD Exploit-DB VulDB
EPSS 1% CVSS 7.6
HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress PHP +1
NVD Exploit-DB VulDB
EPSS 1% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF WordPress PHP +1
NVD Exploit-DB VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy