Clone < 2.4.3 – Unauthenticated Backup Download | CVE 2023-6750 | Plugin Vulnerabilities

Description

The plugin uses buffer files to store in-progress backup informations, which is stored at a publicly accessible, statically defined file path.

Proof of Concept

While a backup job is running, visitors can access one of the following files (it might take a couple tries, as the timing needs to be right):
 
"http://127.0.0.1/wordpress/wp-content/uploads/wp-clone/wpclone_backup/file.list",
"http://127.0.0.1/wordpress/wp-content/uploads/wp-clone/wpclone_backup/database.sql",
"http://127.0.0.1/wordpress/wp-content/uploads/wp-clone/wpclone_backup/prefix.txt"

Affects Plugins

wp-clone-by-wp-academy

Fixed in 2.4.3

References

CVE

URL

https://research.cleantalk.org/cve-2023-6750-clone-poc-exploit

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

fad9eefe-4552-4d20-a1fd-bb2e172ec8d7

Timeline

Publicly Published

2023-12-18 (about 2 years ago)

Added

2023-12-18 (about 2 years ago)

Last Updated

2023-12-20 (about 2 years ago)

Other

Published

Title

Published

2024-02-14

Title

Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages < 1.7.3 - Unauthenticated Information Exposure

Published

2025-10-10

Title

Publitio <= 2.2.3 - Authenticated (Contributor+) Information Exposure

Published

2023-08-03

Title

WP Ultimate CSV Importer < 7.9.9 - Imported Files Disclosure

Published

2025-06-20

Title

Order Delivery Date Pro for WooCommerce < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure

Published

2025-10-14

Title

External Login <= 1.11.2 - Authenticated (Subscriber+) Sensitive Data Exposure via Test Connection