CVE-2022-0444

Name of the Vulnerable Software and Affected Versions Backup, Restore and Migrate WordPress Sites With the XCloner Plugin versions prior to 4.3.6

Description The issue concerns a lack of authorization and CSRF checks when resetting settings in the plugin, allowing unauthenticated attackers to reset them. This includes the ability to generate a new backup encryption key.

Recommendations For versions prior to 4.3.6, update to version 4.3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings reset functionality until a patch is applied.