CVE-2020-35948: WordPress plugin vulnerability

An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump.

How to mitigate CVE-2020-35948

Time needed: 5 minutes.

Follow the instructions below; they will help you mitigate the WordPress vulnerability that has been reported as CVE-2020-35948.

  1. Install the latest version of WordPress

    Navigate to the official WordPress website, download the latest version of WordPress, and update to it. The latest version contains the CVE-2020-35948 fix. Note that the flaw itself is in the XCloner Backup and Restore plugin and is fixed in plugin version 4.2.13 (see above), so make sure the plugin is updated to 4.2.13 or later as well.

  2. Perform a vulnerability assessment

    Perform a scan on your WordPress environment(s) and check for vulnerabilities. Verify that CVE-2020-35948 has been mitigated.

  3. Utilize the references

    The CVE-2020-35948 references below are provided for a reason. Consult them to make sure that you are correctly informed.
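As an added example for the vulnerability assessment step (not code from the advisory, the plugin, or WordPress), the script below checks whether an installed copy of XCloner predates the fixed 4.2.13 release by reading the `Version:` header that every WordPress plugin carries in its main PHP file, and flags access-log lines that touch `xcloner_restore.php`, the script named in the advisory. The plugin directory and main file name (`xcloner-backup-and-restore/xcloner.php`) are assumptions, as is the idea of scanning a web server access log for the restore script; the sample headers and log lines are constructed.

```python
"""Assess a WordPress install for CVE-2020-35948 (XCloner before 4.2.13)."""
import re
from pathlib import Path

# Releases before 4.2.13 are affected according to the advisory.
FIXED_VERSION = (4, 2, 13)

# Assumed location of the plugin's main file relative to the WordPress root
# (the slug and file name are an assumption, not taken from the advisory).
PLUGIN_MAIN_FILE = Path("wp-content/plugins/xcloner-backup-and-restore/xcloner.php")

# WordPress reads plugin metadata from a "Key: value" header block at the top of
# the main PHP file; only the Version key matters here.
_VERSION_RE = re.compile(r"^[\s*]*Version:\s*(?P<ver>\S+)", re.MULTILINE)


def parse_version(header_text):
    """Return the plugin version from a WordPress plugin header as a tuple of ints."""
    match = _VERSION_RE.search(header_text)
    if match is None:
        raise ValueError("no Version: header found")
    parts = []
    for piece in re.split(r"[.\-]", match.group("ver")):
        digits = re.match(r"\d+", piece)
        if digits is None:
            break  # stop at pre-release tags such as "beta"
        parts.append(int(digits.group()))
    if not parts:
        raise ValueError("unparseable version: %s" % match.group("ver"))
    return tuple(parts)


def is_vulnerable(version):
    """True when the installed version predates the fixed release."""
    return tuple(version) < FIXED_VERSION


def assess(header_text):
    """Summarise the version found in a plugin header and whether it is affected."""
    version = parse_version(header_text)
    return {
        "version": ".".join(str(p) for p in version),
        "vulnerable": is_vulnerable(version),
    }


def assess_install(wp_root):
    """Assess a WordPress install on disk; returns None when XCloner is not installed."""
    main_file = Path(wp_root) / PLUGIN_MAIN_FILE
    if not main_file.is_file():
        return None
    # WordPress itself only inspects the first 8 KB of the file for header data.
    return assess(main_file.read_text(encoding="utf-8", errors="replace")[:8192])


def flag_restore_requests(log_lines):
    """Return access-log lines that touch the plugin's restore script."""
    return [line for line in log_lines if "xcloner_restore.php" in line]


# Constructed sample headers and log lines (not real data).
SAMPLE_OLD_HEADER = "<?php\n/*\nPlugin Name: XCloner - Backup and Restore\nVersion: 4.2.12\n*/\n"
SAMPLE_FIXED_HEADER = "<?php\n/**\n * Plugin Name: XCloner - Backup and Restore\n * Version: 4.2.13\n */\n"
SAMPLE_LOG_LINES = [
    '203.0.113.5 - - [10/Sep/2020:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 1234',
    '203.0.113.5 - - [10/Sep/2020:10:00:09 +0000] "POST /wp-content/plugins/'
    'xcloner-backup-and-restore/xcloner_restore.php HTTP/1.1" 200 87',
]

if __name__ == "__main__":
    import sys

    root = sys.argv[1] if len(sys.argv) > 1 else "."
    result = assess_install(root)
    print("XCloner not found under %s" % root if result is None else result)
    for line in flag_restore_requests(SAMPLE_LOG_LINES):
        print("restore script accessed:", line)
```

Run it with the WordPress root as the first argument; a result with `"vulnerable": True` means the plugin must be updated to 4.2.13 or later. Any hit from the log scan on a site that is not actively restoring a backup is worth investigating, since the advisory ties file writes through that script to the vulnerability.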

References

  • wpscan.com/vulnerability/10412
  • www.wordfence.com/blog/2020/09/critical-vulnerabilities-patched-in-xcloner-backup-and-restore-plugin/