Researchers have identified a CVE-2023-6750, a critical vulnerability affecting WP Clone that offers a seamless solution for backing up, migrating, or cloning WordPress sites. With over 90,000 active installations, it’s a go-to plugin for developers and website owners.
The vulnerability dubbed as CVE-2023-6750, this critical flaw carries a CVSS score of 9.8. This vulnerability resides in all versions of the WP Clone plugin up to and including 2.4.2, and it opens sensitive information exposure.
Researcher Dmitrii Ignatyev – Clean Talk Inc. has been credited for reporting this flaw.
Unauthenticated attackers can exploit this flaw to download database backups made with the plugin. Potential complete site takeover, turning a tool of convenience into a weapon against the site itself.
The developer team of WP Clone is aware of the vulnerability and has released a patched version – 2.4.3. Upgrading is critical, and it’s as simple as clicking a few buttons in your WordPress dashboard.
Please don’t delay, do it today! Even with the patch, it’s important to remember that website security is an ongoing process.
