Critical Vulnerabilities Patched in XCloner Backup and Restore Plugin

Our Threat Intelligence team discovered an unprotected AJAX endpoint that resulted in critical vulnerabilities in the XCloner Backup and Restore plugin installed on over 30,000 sites. This flaw made it possible for authenticated attackers to steal sensitive information and modify arbitrary files on a site.

The official Wordfence blog has full details and guidance on keeping your sites safe…

Regards,

Chloe Chamberland – Wordfence Threat Analyst

http://brn.firetrench.com

http://ftnews.firetrench.com