CVE-2023-6750

Name of the Vulnerable Software and Affected Versions Clone WordPress plugin versions prior to 2.4.3

Description The Clone WordPress plugin uses buffer files to store in-progress backup information at a publicly accessible, statically defined file path. This issue potentially affects 90,000 sites, allowing unauthenticated attackers to exploit the flaw and download database backups made with the plugin, which could lead to a complete site takeover.

Recommendations For Clone WordPress plugin versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the buffer files used by the plugin to minimize the risk of exploitation.