CVE-2014-8605

Name of the Vulnerable Software and Affected Versions XCloner plugin version 3.1.1 for WordPress XCloner plugin version 3.5.1 for Joomla!

Description The issue allows remote attackers to obtain sensitive information by directly requesting a backup file due to predictable file names and insufficient access control. The backup files are stored under the web root in administrators/backups/.

Recommendations For XCloner plugin version 3.1.1 for WordPress, restrict access to the administrators/backups/ directory to prevent unauthorized access to backup files. For XCloner plugin version 3.5.1 for Joomla!, restrict access to the administrators/backups/ directory to prevent unauthorized access to backup files.