{"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2023-07-24T09:55:42.558Z"},"title":"XCloner < 4.3.6 - Plugin Settings Reset","problemTypes":[{"descriptions":[{"description":"CWE-862 Missing Authorization","lang":"en","type":"CWE"}]},{"descriptions":[{"description":"CWE-352 Cross-Site Request Forgery (CSRF)","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Backup, Restore and Migrate WordPress Sites With the XCloner Plugin","versions":[{"status":"affected","versionType":"custom","version":"0","lessThan":"4.3.6"}],"defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins"}],"descriptions":[{"lang":"en","value":"The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key."}],"references":[{"url":"https://wpscan.com/vulnerability/9567d295-43c7-4e59-9283-c7726f16d40b","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Krzysztof Zając","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T23:25:40.479Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/9567d295-43c7-4e59-9283-c7726f16d40b","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]}]},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2022-0444","datePublished":"2022-06-27T08:55:47.000Z","dateReserved":"2022-02-01T00:00:00.000Z","dateUpdated":"2024-08-02T23:25:40.479Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}