PT-2025-49185 · WordPress · Xcloner

Rafshanzani Suhada · Published 2025-12-05 · Updated 2025-12-05 · CVE-2025-11759

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

XCloner versions prior to 4.8.3

Description

The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation on the Xcloner Remote Storage:save() function. This allows unauthenticated attackers to add or modify an FTP backup configuration through a forged request if they can trick a site administrator into performing an action, such as clicking a link. Successful exploitation enables an attacker to configure an attacker-controlled FTP site for backup storage and potentially exfiltrate sensitive site data.

Recommendations

Versions prior to 4.8.3 should be updated.

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2025-11759

Affected Products

Xcloner